Wrong error code if Sec-WebSocket-Accept header field missed or value wrong #1120

Closed
petersmar opened this issue Jan 14, 2016 · 1 comment

@petersmar

In WebSocket.h several error codes for exceptions are defined:

    enum ErrorCodes
        /// These error codes can be obtained from a WebSocketException
        /// to determine the exact cause of the error.
    {
        WS_ERR_NO_HANDSHAKE                   = 1,
            /// No Connection: Upgrade or Upgrade: websocket header in handshake request.
        WS_ERR_HANDSHAKE_NO_VERSION           = 2,
            /// No Sec-WebSocket-Version header in handshake request.
        WS_ERR_HANDSHAKE_UNSUPPORTED_VERSION  = 3,
            /// Unsupported WebSocket version requested by client.
        WS_ERR_HANDSHAKE_NO_KEY               = 4,
            /// No Sec-WebSocket-Key header in handshake request.
        WS_ERR_HANDSHAKE_ACCEPT               = 5,
            /// No Sec-WebSocket-Accept header or wrong value.
        WS_ERR_UNAUTHORIZED                   = 6,
            /// The server rejected the username or password for authentication.
        WS_ERR_PAYLOAD_TOO_BIG                = 10,
            /// Payload too big for supplied buffer.
        WS_ERR_INCOMPLETE_FRAME               = 11
            /// Incomplete frame received.
    };

There is also an error code WS_ERR_HANDSHAKE_ACCEPT, which should be set in the WebSocketException when the header field Sec-WebSocket-Accept is missing from the HTTP response or has an invalid value. Instead, WS_ERR_NO_HANDSHAKE is returned.

See method WebSocket::completeHandshake

    WebSocketImpl* WebSocket::completeHandshake(HTTPClientSession& cs, HTTPResponse& response, const std::string& key)
    {
        std::string connection = response.get("Connection", "");
        if (Poco::icompare(connection, "Upgrade") != 0)
            throw WebSocketException("No Connection: Upgrade header in handshake response", WS_ERR_NO_HANDSHAKE);
        std::string upgrade = response.get("Upgrade", "");
        if (Poco::icompare(upgrade, "websocket") != 0)
            throw WebSocketException("No Upgrade: websocket header in handshake response", WS_ERR_NO_HANDSHAKE);
        std::string accept = response.get("Sec-WebSocket-Accept", "");
        if (accept != computeAccept(key))
            throw WebSocketException("Invalid or missing Sec-WebSocket-Accept header in handshake response", WS_ERR_NO_HANDSHAKE);
        return new WebSocketImpl(static_cast<StreamSocketImpl*>(cs.detachSocket().impl()), true);
    }

Detected in version 1.6.0.
In version 1.6.1 it is the same.
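
Added example (not part of the issue thread and not Poco's code): a self-contained sketch of the client-side check discussed above, computing the accept value per RFC 6455 and returning WS_ERR_HANDSHAKE_ACCEPT only when Sec-WebSocket-Accept is missing or wrong, so a caller can tell a non-WebSocket endpoint from a failed key proof. `checkHandshake`, `WS_OK`, the header map and the inline SHA-1/Base64 helpers are assumptions for illustration; header names are matched with exact case for brevity.

```cpp
#include <cctype>
#include <cstdint>
#include <map>
#include <string>

enum { WS_OK = 0, WS_ERR_NO_HANDSHAKE = 1, WS_ERR_HANDSHAKE_ACCEPT = 5 };  // 1 and 5 as in the issue's enum; WS_OK is an assumption
static uint32_t rol(uint32_t v, int n) { return (v << n) | (v >> (32 - n)); }
static std::string sha1(std::string m) {  // compact SHA-1, returns the 20 raw digest bytes
    uint32_t h[5] = {0x67452301u, 0xEFCDAB89u, 0x98BADCFEu, 0x10325476u, 0xC3D2E1F0u};
    const uint64_t bits = (uint64_t)m.size() * 8;
    m += (char)0x80;                                             // padding: 0x80, zeros, 64-bit length
    while (m.size() % 64 != 56) m += '\0';
    for (int i = 7; i >= 0; --i) m += (char)(bits >> (8 * i));
    for (std::size_t o = 0; o < m.size(); o += 64) {
        uint32_t w[80], a = h[0], b = h[1], c = h[2], d = h[3], e = h[4];
        for (int i = 0; i < 80; ++i) {
            if (i >= 16) w[i] = rol(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1);
            else { w[i] = 0; for (int j = 0; j < 4; ++j) w[i] = (w[i] << 8) | (uint8_t)m[o + 4 * i + j]; }
            uint32_t f = i < 20 ? ((b & c) | (~b & d)) : (i < 40 || i >= 60) ? (b ^ c ^ d) : ((b & c) | (b & d) | (c & d));
            uint32_t k = i < 20 ? 0x5A827999u : i < 40 ? 0x6ED9EBA1u : i < 60 ? 0x8F1BBCDCu : 0xCA62C1D6u;
            uint32_t t = rol(a, 5) + f + e + k + w[i];
            e = d; d = c; c = rol(b, 30); b = a; a = t;
        }
        h[0] += a; h[1] += b; h[2] += c; h[3] += d; h[4] += e;
    }
    std::string out;
    for (uint32_t v : h) for (int s = 24; s >= 0; s -= 8) out += (char)(v >> s);
    return out;
}
static std::string base64(const std::string& in) {
    static const char T[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    std::string out;
    for (std::size_t i = 0; i < in.size(); i += 3) {
        uint32_t n = 0; std::size_t got = 0;
        for (std::size_t j = 0; j < 3; ++j) { n <<= 8; if (i + j < in.size()) { n |= (uint8_t)in[i + j]; ++got; } }
        for (std::size_t j = 0; j < 4; ++j) out += j <= got ? T[(n >> (18 - 6 * j)) & 63] : '=';
    }
    return out;
}
std::string computeAccept(const std::string& key) { return base64(sha1(key + "258EAFA5-E914-47DA-95CA-C5AB0DC85B11")); }  // RFC 6455 GUID
static bool ieq(std::string s, const std::string& lower) { for (char& c : s) c = (char)std::tolower((unsigned char)c); return s == lower; }
int checkHandshake(const std::map<std::string, std::string>& r, const std::string& key) {
    auto get = [&](const char* n) { auto it = r.find(n); return it == r.end() ? std::string() : it->second; };
    if (!ieq(get("Connection"), "upgrade") || !ieq(get("Upgrade"), "websocket")) return WS_ERR_NO_HANDSHAKE;
    return get("Sec-WebSocket-Accept") == computeAccept(key) ? WS_OK : WS_ERR_HANDSHAKE_ACCEPT;  // missing or wrong value
}

int main() {  // constructed response: valid upgrade headers, wrong accept value
    std::map<std::string, std::string> r = {{"Connection", "Upgrade"}, {"Upgrade", "websocket"}, {"Sec-WebSocket-Accept", "bogus"}};
    return checkHandshake(r, "dGhlIHNhbXBsZSBub25jZQ==") == WS_ERR_HANDSHAKE_ACCEPT ? 0 : 1;
}
```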

@obiltschnig
Member

fixed in 1.6.2
