Permalink
Browse files

Check for HTTP 101 response code, and if there is any failure in the

response code on in the headers, close the connection.
  • Loading branch information...
1 parent 881c6ca commit 6c42988804788b1cbfd7b58ef8dc587ed67e4ee9 @ahyatt committed Jun 3, 2012
Showing with 43 additions and 2 deletions.
  1. +23 −0 websocket-test.el
  2. +20 −2 websocket.el
View
@@ -108,6 +108,11 @@
(defun websocket-test-header-with-lines (&rest lines)
(mapconcat 'identity (append lines '("\r\n")) "\r\n"))
+(ert-deftest websocket-verify-response-code ()
+ (should (websocket-verify-response-code "HTTP/1.1 101"))
+ (should-error (websocket-verify-response-code "HTTP/1.1 400"))
+ (should-error (websocket-verify-response-code "HTTP/1.1 200")))
+
(ert-deftest websocket-verify-headers ()
(let ((accept "Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=")
(invalid-accept "Sec-WebSocket-Accept: bad")
@@ -312,6 +317,7 @@
(websocket-encode-frame frame2))))
(flet ((websocket-process-frame (websocket frame)
(push frame processed-frames))
+ (websocket-verify-response-code (output) t)
(websocket-verify-headers (websocket output) t))
(websocket-outer-filter fake-ws "Sec-")
(should (eq (websocket-ready-state fake-ws) 'connecting))
@@ -325,6 +331,23 @@
(websocket-outer-filter fake-ws (substring websocket-frames 2))
(should (equal (list frame2 frame1) processed-frames)))))
+(ert-deftest websocket-outer-filter-bad-connection ()
+ (let* ((on-open-calledp)
+ (websocket-closed-calledp)
+ (fake-ws (websocket-inner-create
+ :conn t :url t :accept-string t
+ :on-open (lambda (websocket)
+ (setq on-open-calledp t)))))
+ (flet ((websocket-verify-response-code (output) t)
+ (websocket-verify-headers (websocket output) (error "Bad headers!"))
+ (websocket-close (websocket) (setq websocket-closed-calledp t)))
+ (condition-case err
+ (progn (websocket-outer-filter fake-ws "HTTP/1.1 101\r\n\r\n")
+ (error "Should have thrown an error!"))
+ (error
+ (should-not on-open-calledp)
+ (should websocket-closed-calledp))))))
+
(defun websocket-test-get-filtered-response-with-error
(frames &optional callback)
(let* ((filter-frames)
View
@@ -402,6 +402,17 @@ These are defined as in `websocket-open'."
(insert (apply 'format (append (list msg) args)))
(insert "\n"))))))
+(defun websocket-verify-response-code (output)
+ "Verify that OUTPUT contains a valid HTTP response code.
+The only acceptable one to websocket is responce code 101.
+A t value will be returned on success, and an error thrown
+if not."
+ (string-match "HTTP/1.1 \\([[:digit:]]+\\)" output)
+ (unless (equal "101" (match-string 1 output))
+ (error "Bad HTTP response code while opening websocket connection: %s"
+ (match-string 1 output)))
+ t)
+
(defun websocket-verify-headers (websocket output)
"Based on WEBSOCKET's data, ensure the headers in OUTPUT are valid.
The output is assumed to have complete headers. This function
@@ -469,7 +480,8 @@ If the frame is a close, we terminate the connection."
(defun websocket-outer-filter (websocket output)
"Filter the WEBSOCKET server's OUTPUT.
This will parse headers and process frames repeatedly until there
-is no more output or the connection closes."
+is no more output or the connection closes. If the websocket
+connection is invalid, the connection will be closed."
(websocket-debug websocket "Received: %s" output)
(let ((start-point)
(end-point 0)
@@ -480,7 +492,13 @@ is no more output or the connection closes."
(when (and (eq 'connecting (websocket-ready-state websocket))
(setq header-end-pos (string-match "\r\n\r\n" text))
(setq start-point (+ 4 header-end-pos)))
- (websocket-verify-headers websocket text)
+ (condition-case err
+ (progn
+ (websocket-verify-response-code text)
+ (websocket-verify-headers websocket text))
+ (error
+ (websocket-close websocket)
+ (error err)))
(setf (websocket-ready-state websocket) 'open)
(condition-case err
(funcall (websocket-on-open websocket) websocket)

0 comments on commit 6c42988

Please sign in to comment.