-
Notifications
You must be signed in to change notification settings - Fork 7.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Websocket secure server control frames bug (IDFGH-7209) #8803
Comments
Confirmed !!!!!!! The patch was not applied to esp-idf !!!!! Please update this !!!!! |
@baldhead69 Yes, it was not applied to any idf version. I think userspace parse the payload in PING control frame is not very common. Our websocket server only need support common case. If you need this, you can apply patch manually. |
@ESP-YJM , There is no payload. The problem is another. Test with client sending ping without payload and you will see de problem. |
@baldhead69 Do you mean this patch(https://github.com/espressif/esp-idf/files/7095983/1.zip)? |
This patch: |
@ESP-YJM By common use-case do you mean client not sending PINGS and only the server doing the same, or you mean server not parsing the payload that comes with the PING? If it's the latter - I think the PING payload is an optional thing according to the standards. But the library here doesn't support an incoming zero payload PING. I get a warning first as "httpd_ws: httpd_ws_recv_frame: Failed to receive the second byte" and finally the error If it's the former, if you think it's not common for clients to send PINGS - well if might be true for browsers, but what about non-browser clients? I am using ESP-32 for my IoT project and want my android client, which is connected locally to the ESP device via a websocket connection, to be able to let the user know of any disconnections from the server side. And to achieve that I need to send PINGS to the server at certain intervals. I don't think this is an unusual use-case. |
The patch that i commented above resolve this bug, but espressif team dont want to add this patch to esp idf. Why ? I dont know. "I don't think @baldhead69 here is asking for the ability of the user to parse the PING payload. If I am not mistaken, they want the zero payload PING to be allowed and that when there is such a PING request from the client a PONG response to be sent subsequently." I am sending a ping with zero payload from my local android application every 25 seconds. |
@baldhead69 Thank for the reply. I tried the patch, even though the terminal said patch was unsuccessful, I think it was successful. And coming to my observations, I found that this time the PINGS are accepted by the server, but there are no PONG responses, so my client (OkHttp Websocket) closes the connection. Indeed, when I checked the change in the patch, in the "httpd_ws.c" file, a blob of code corresponding to sending of PONG response is absent in the patch. Are there any other changes in any other part of the file/repo that I missed? Please let me know. |
I think that when the handle_ws_control_frames = true, the background websocket lib doesn't send pong, maybe if handle_ws_control_frames = false the background websocket lib respond with a pong. In my case i used handle_ws_control_frames = true and i implemented a pong response when i receive a ping frame inside uri handler. |
@ESP-YJM , The close frame received from client have some problems too. Could it be because I'm releasing the resources allocated to the socket as soon as the "closed_socket_handler" function is called ?
Error:
|
I think I found the issue. In the "httpd_ws.c" file, if I remove/comment the following lines, I am able to send the PONG responses. if(httpd_ws_recv_frame(req, &frame, 126) != ESP_OK) { Of course in my ws_handler I had to bypass this check(for calculating frame length) - httpd_ws_recv_frame() just for the HTTPD_WS_TYPE_PING type. I am wondering what is the significance of the above lines in the code? @ESP-YJM Is it for security reasons? |
So sorry for replying so late. @baldhead69 @ansuman87 I think the root reason that show |
Hi,
The ping sent by client application and received by server are bug.
Same problem than this bug open by me eight months ago.
I think the patch was not applied to any esp-idf.
#7493
The text was updated successfully, but these errors were encountered: