-
-
Notifications
You must be signed in to change notification settings - Fork 6.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ws: Reject frames with unknown reserved bits set #16069
Conversation
RFC 6455 Section 5.2 notes that for bits RSV1, RSV2, and RSV3 of the framing header, a non-zero value that is not defined by a negotiated extension MUST Fail the WebSocket connection.
Analysis of PR #16069 at 2a60872e: Test 3028 failed, which has NOT been flaky recently, so there could be a real issue in this PR. Generated by Testclutch |
My new test failed in a mingw job, but I see that some WebSocket tests are disabled for that config: https://github.com/curl/curl/actions/runs/12903536775/job/35978986490?pr=16069#step:14:4233 curl/.github/workflows/windows.yml Line 180 in cd9107e
Doesn't feel right to add it to the ignore list myself though 😅 |
It's a flaky job, unrelated to this patch. It'd be nice to drop WebSockets from the ignore list on Windows, but some of those tests are flaky still on this platform, according to latest test runs. |
Update: this job fails the same after restart, and may be related: FAIL 2310: 'WebSockets unknown reserved bit set in frame header' WebSockets Edit: fails consistently on the 3rd run. |
I copied most of the test file from 2302, which seems to be skipped on that configuration. Should I look into this, skip the test, or wait for a more windows-y contributor to take a look? |
If you'd like to look into it, this would be a good opportunity. I'm not sure what it takes. If too much trouble, I think we should add 2310 to all the places in |
I don't have a mingw environment handy, and my application doesn't plan to support windows for several years, so I think I'm going to have to punt on investigating curl websocket issues in that environment. |
Thanks! |
RFC 6455 Section 5.2 notes that for bits RSV1, RSV2, and RSV3 of the framing header, a non-zero value that is not defined by a negotiated extension MUST Fail the WebSocket connection.
Related to #16065, which will assign meaning to RSV1 if the permessage-deflate extension was negotiated on the connection.