|
 |
9bac43 |
From 137479576664767db121c512db49f4c40789fa52 Mon Sep 17 00:00:00 2001
|
|
|
9bac43 |
From: "Daniel P. Berrange" <berrange@redhat.com>
|
|
|
9bac43 |
Date: Wed, 20 Dec 2017 17:56:50 +0100
|
|
|
9bac43 |
Subject: [PATCH 10/42] io: Ignore websocket PING and PONG frames
|
|
|
9bac43 |
|
|
|
9bac43 |
RH-Author: Daniel P. Berrange <berrange@redhat.com>
|
|
|
9bac43 |
Message-id: <20171220175702.29663-9-berrange@redhat.com>
|
|
|
9bac43 |
Patchwork-id: 78460
|
|
|
9bac43 |
O-Subject: [RHV-7.5 qemu-kvm-rhev PATCH v2 08/20] io: Ignore websocket PING and PONG frames
|
|
|
9bac43 |
Bugzilla: 1518649
|
|
|
9bac43 |
RH-Acked-by: John Snow <jsnow@redhat.com>
|
|
|
9bac43 |
RH-Acked-by: Jeffrey Cody <jcody@redhat.com>
|
|
|
9bac43 |
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
|
|
9bac43 |
|
|
|
9bac43 |
From: Brandon Carpenter <brandon.carpenter@cypherpath.com>
|
|
|
9bac43 |
|
|
|
9bac43 |
Keep pings and gratuitous pongs generated by web browsers from killing
|
|
|
9bac43 |
websocket connections.
|
|
|
9bac43 |
|
|
|
9bac43 |
Signed-off-by: Brandon Carpenter <brandon.carpenter@cypherpath.com>
|
|
|
9bac43 |
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
|
|
|
9bac43 |
(cherry picked from commit 01af17fc002414ee1ac0800babfb0edc2bef1a7d)
|
|
|
9bac43 |
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
|
|
9bac43 |
---
|
|
|
9bac43 |
io/channel-websock.c | 21 +++++++++++++++++----
|
|
|
9bac43 |
1 file changed, 17 insertions(+), 4 deletions(-)
|
|
|
9bac43 |
|
|
|
9bac43 |
diff --git a/io/channel-websock.c b/io/channel-websock.c
|
|
|
9bac43 |
index b19b5d9..bfe4008 100644
|
|
|
9bac43 |
--- a/io/channel-websock.c
|
|
|
9bac43 |
+++ b/io/channel-websock.c
|
|
|
9bac43 |
@@ -115,6 +115,7 @@
|
|
|
9bac43 |
#define QIO_CHANNEL_WEBSOCK_HEADER_FIELD_OPCODE 0x0f
|
|
|
9bac43 |
#define QIO_CHANNEL_WEBSOCK_HEADER_FIELD_HAS_MASK 0x80
|
|
|
9bac43 |
#define QIO_CHANNEL_WEBSOCK_HEADER_FIELD_PAYLOAD_LEN 0x7f
|
|
|
9bac43 |
+#define QIO_CHANNEL_WEBSOCK_CONTROL_OPCODE_MASK 0x8
|
|
|
9bac43 |
|
|
|
9bac43 |
typedef struct QIOChannelWebsockHeader QIOChannelWebsockHeader;
|
|
|
9bac43 |
|
|
|
9bac43 |
@@ -659,8 +660,11 @@ static int qio_channel_websock_decode_header(QIOChannelWebsock *ioc,
|
|
|
9bac43 |
return -1;
|
|
|
9bac43 |
}
|
|
|
9bac43 |
} else {
|
|
|
9bac43 |
- if (opcode != QIO_CHANNEL_WEBSOCK_OPCODE_BINARY_FRAME) {
|
|
|
9bac43 |
- error_setg(errp, "only binary websocket frames are supported");
|
|
|
9bac43 |
+ if (opcode != QIO_CHANNEL_WEBSOCK_OPCODE_BINARY_FRAME &&
|
|
|
9bac43 |
+ opcode != QIO_CHANNEL_WEBSOCK_OPCODE_PING &&
|
|
|
9bac43 |
+ opcode != QIO_CHANNEL_WEBSOCK_OPCODE_PONG) {
|
|
|
9bac43 |
+ error_setg(errp, "unsupported opcode: %#04x; only binary, ping, "
|
|
|
9bac43 |
+ "and pong websocket frames are supported", opcode);
|
|
|
9bac43 |
return -1;
|
|
|
9bac43 |
}
|
|
|
9bac43 |
}
|
|
|
9bac43 |
@@ -673,6 +677,9 @@ static int qio_channel_websock_decode_header(QIOChannelWebsock *ioc,
|
|
|
9bac43 |
ioc->payload_remain = payload_len;
|
|
|
9bac43 |
header_size = QIO_CHANNEL_WEBSOCK_HEADER_LEN_7_BIT;
|
|
|
9bac43 |
ioc->mask = header->u.m;
|
|
|
9bac43 |
+ } else if (opcode & QIO_CHANNEL_WEBSOCK_CONTROL_OPCODE_MASK) {
|
|
|
9bac43 |
+ error_setg(errp, "websocket control frame is too large");
|
|
|
9bac43 |
+ return -1;
|
|
|
9bac43 |
} else if (payload_len == QIO_CHANNEL_WEBSOCK_PAYLOAD_LEN_MAGIC_16_BIT &&
|
|
|
9bac43 |
ioc->encinput.offset >= QIO_CHANNEL_WEBSOCK_HEADER_LEN_16_BIT) {
|
|
|
9bac43 |
ioc->payload_remain = be16_to_cpu(header->u.s16.l16);
|
|
|
9bac43 |
@@ -728,9 +735,15 @@ static int qio_channel_websock_decode_payload(QIOChannelWebsock *ioc,
|
|
|
9bac43 |
}
|
|
|
9bac43 |
}
|
|
|
9bac43 |
|
|
|
9bac43 |
+ /* Drop the payload of ping/pong packets */
|
|
|
9bac43 |
+ if (ioc->opcode == QIO_CHANNEL_WEBSOCK_OPCODE_BINARY_FRAME) {
|
|
|
9bac43 |
+ if (payload_len) {
|
|
|
9bac43 |
+ buffer_reserve(&ioc->rawinput, payload_len);
|
|
|
9bac43 |
+ buffer_append(&ioc->rawinput, ioc->encinput.buffer, payload_len);
|
|
|
9bac43 |
+ }
|
|
|
9bac43 |
+ }
|
|
|
9bac43 |
+
|
|
|
9bac43 |
if (payload_len) {
|
|
|
9bac43 |
- buffer_reserve(&ioc->rawinput, payload_len);
|
|
|
9bac43 |
- buffer_append(&ioc->rawinput, ioc->encinput.buffer, payload_len);
|
|
|
9bac43 |
buffer_advance(&ioc->encinput, payload_len);
|
|
|
9bac43 |
}
|
|
|
9bac43 |
return 0;
|
|
|
9bac43 |
--
|
|
|
9bac43 |
1.8.3.1
|
|
|
9bac43 |
|