Skip to content
Permalink
Browse files
2009-11-11 Fumitoshi Ukai <ukai@chromium.org>
        Reviewed by Alexey Proskuryakov.

        Fix WebSocket frame parser of frame_type with high-order bit set.
        https://bugs.webkit.org/show_bug.cgi?id=30668

        * websocket/tests/frame-length-longer-than-buffer-expected.txt: Added.
        * websocket/tests/frame-length-longer-than-buffer.html: Added.
        * websocket/tests/frame-length-longer-than-buffer_wsh.py: Added.
        * websocket/tests/frame-length-skip-expected.txt: Added.
        * websocket/tests/frame-length-skip.html: Added.
        * websocket/tests/frame-length-skip_wsh.py: Added.
        * websocket/tests/script-tests/frame-length-longer-than-buffer.js: Added.
        * websocket/tests/script-tests/frame-length-skip.js: Added.
2009-11-11  Fumitoshi Ukai  <ukai@chromium.org>

        Reviewed by Alexey Proskuryakov.

        Fix WebSocket frame parser of frame_type with high-order bit set.
        https://bugs.webkit.org/show_bug.cgi?id=30668

        If buffer is smaller than frame's length, it should break the loop
        instead of reading next byte.

        Tests: websocket/tests/frame-length-longer-than-buffer.html
               websocket/tests/frame-length-skip.html

        * websockets/WebSocketChannel.cpp:
        (WebCore::WebSocketChannel::didReceiveData):

Canonical link: https://commits.webkit.org/42291@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@50862 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  • Loading branch information
Fumitoshi Ukai committed Nov 12, 2009
1 parent 7631759 commit 6dbe0b281da6f9f24c86f28a674be0b30f95a31c
@@ -1,3 +1,19 @@
2009-11-11 Fumitoshi Ukai <ukai@chromium.org>

Reviewed by Alexey Proskuryakov.

Fix WebSocket frame parser of frame_type with high-order bit set.
https://bugs.webkit.org/show_bug.cgi?id=30668

* websocket/tests/frame-length-longer-than-buffer-expected.txt: Added.
* websocket/tests/frame-length-longer-than-buffer.html: Added.
* websocket/tests/frame-length-longer-than-buffer_wsh.py: Added.
* websocket/tests/frame-length-skip-expected.txt: Added.
* websocket/tests/frame-length-skip.html: Added.
* websocket/tests/frame-length-skip_wsh.py: Added.
* websocket/tests/script-tests/frame-length-longer-than-buffer.js: Added.
* websocket/tests/script-tests/frame-length-skip.js: Added.

2009-11-11 Csaba Osztrogonác <ossy@webkit.org>

Put tests into skiplist added in r50830 and r50839 because
@@ -0,0 +1,12 @@
Make sure WebSocket correctly skip lengthed frame even if received data has incomplete frame.

On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".

WebSocket is open
received:hello
1
PASS areArraysEqual(received_messages, expected_messages) is true
PASS successfullyParsed is true

TEST COMPLETE

@@ -0,0 +1,13 @@
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<html>
<head>
<link rel="stylesheet" href="../../fast/js/resources/js-test-style.css">
<script src="../../fast/js/resources/js-test-pre.js"></script>
<script src="../../fast/js/resources/js-test-post-function.js"></script>
</head>
<body>
<div id="description"></div>
<div id="console"></div>
<script src="script-tests/frame-length-longer-than-buffer.js"></script>
</body>
</html>
@@ -0,0 +1,10 @@
def web_socket_do_extra_handshake(request):
pass

def web_socket_transfer_data(request):
msg = "\0hello\xff"
msg += "\x80\x81\x81"
msg += "\x01\xff"
msg += "\0should be skipped\xff"
request.connection.write(msg)
print msg
@@ -0,0 +1,13 @@
Make sure WebSocket correctly skip lengthed frame.

On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".

WebSocket is open
received:hello
received:world
2
PASS areArraysEqual(received_messages, expected_messages) is true
PASS successfullyParsed is true

TEST COMPLETE

@@ -0,0 +1,13 @@
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<html>
<head>
<link rel="stylesheet" href="../../fast/js/resources/js-test-style.css">
<script src="../../fast/js/resources/js-test-pre.js"></script>
<script src="../../fast/js/resources/js-test-post-function.js"></script>
</head>
<body>
<div id="description"></div>
<div id="console"></div>
<script src="script-tests/frame-length-skip.js"></script>
</body>
</html>
@@ -0,0 +1,11 @@
def web_socket_do_extra_handshake(request):
pass

def web_socket_transfer_data(request):
msg = "\0hello\xff"
msg += "\x80\x81\x81"
msg += "\x01"
msg += "\0should be skipped" + (" " * 109) + "\xff"
msg += "\0world\xff"
request.connection.write(msg)
print msg
@@ -0,0 +1,34 @@
description("Make sure WebSocket correctly skip lengthed frame even if received data has incomplete frame.");
if (window.layoutTestController)
layoutTestController.waitUntilDone();

var received_messages = [];
var expected_messages = ["hello"];
function finish() {
debug(received_messages.length);
for (var i = 0; i < received_messages; i++) {
debug("received[" + i + "]=" + received_messages[i]);
}

shouldBeTrue("areArraysEqual(received_messages, expected_messages)");

isSuccessfullyParsed();
if (window.layoutTestController)
layoutTestController.notifyDone();
}

var ws = new WebSocket("ws://localhost:8880/websocket/tests/frame-length-longer-than-buffer");
ws.onopen = function () {
debug("WebSocket is open");
};
ws.onmessage = function (evt) {
debug("received:" + evt.data);
received_messages.push(evt.data);
};
ws.close = function () {
debug("WebSocket is closed");
finish();
};
setTimeout("finish()", 2000);

var successfullyParsed = true;
@@ -0,0 +1,34 @@
description("Make sure WebSocket correctly skip lengthed frame.");
if (window.layoutTestController)
layoutTestController.waitUntilDone();

var received_messages = [];
var expected_messages = ["hello", "world"];
function finish() {
debug(received_messages.length);
for (var i = 0; i < received_messages; i++) {
debug("received[" + i + "]=" + received_messages[i]);
}

shouldBeTrue("areArraysEqual(received_messages, expected_messages)");

isSuccessfullyParsed();
if (window.layoutTestController)
layoutTestController.notifyDone();
}

var ws = new WebSocket("ws://localhost:8880/websocket/tests/frame-length-skip");
ws.onopen = function () {
debug("WebSocket is open");
};
ws.onmessage = function (evt) {
debug("received:" + evt.data);
received_messages.push(evt.data);
};
ws.close = function () {
debug("WebSocket is closed");
finish();
};
setTimeout("finish()", 2000);

var successfullyParsed = true;
@@ -1,3 +1,19 @@
2009-11-11 Fumitoshi Ukai <ukai@chromium.org>

Reviewed by Alexey Proskuryakov.

Fix WebSocket frame parser of frame_type with high-order bit set.
https://bugs.webkit.org/show_bug.cgi?id=30668

If buffer is smaller than frame's length, it should break the loop
instead of reading next byte.

Tests: websocket/tests/frame-length-longer-than-buffer.html
websocket/tests/frame-length-skip.html

* websockets/WebSocketChannel.cpp:
(WebCore::WebSocketChannel::didReceiveData):

2009-11-11 Yusuke Sato <yusukes@chromium.org>

Reviewed by Adam Barth.
@@ -197,7 +197,8 @@ void WebSocketChannel::didReceiveData(SocketStreamHandle* handle, const char* da
if (p + length < end) {
p += length;
nextFrame = p;
}
} else
break;
} else {
const char* msgStart = p;
while (p < end && *p != '\xff')

0 comments on commit 6dbe0b2

Please sign in to comment.