Mercurial > prosody-modules
comparison mod_websocket/mod_websocket.lua @ 1029:9d85aded2fb6
mod_websocket: Add some more error checks for close frames
author | Florian Zeitz <florob@babelmonkeys.de> |
---|---|
date | Thu, 30 May 2013 23:55:13 +0200 |
parents | 81065638299d |
children | bbe278a56b0a |
comparison
equal
deleted
inserted
replaced
1028:81065638299d | 1029:9d85aded2fb6 |
---|---|
164 if frame.RSV1 or frame.RSV2 or frame.RSV3 then -- Reserved bits non zero | 164 if frame.RSV1 or frame.RSV2 or frame.RSV3 then -- Reserved bits non zero |
165 websocket_close(1002, "Reserved bits not zero"); | 165 websocket_close(1002, "Reserved bits not zero"); |
166 return false; | 166 return false; |
167 end | 167 end |
168 | 168 |
169 if opcode >= 0x8 and length > 125 then -- Control frame with too much payload | 169 if opcode == 0x8 then |
170 websocket_close(1002, "Payload too large"); | 170 if length == 1 then |
171 return false; | 171 websocket_close(1002, "Close frame with payload, but too short for status code"); |
172 end | 172 return false; |
173 | 173 elseif length >= 2 then |
174 if opcode >= 0x8 and not frame.FIN then -- Fragmented control frame | 174 local status_code = s_byte(frame.data, 1) * 256 + s_byte(frame.data, 2) |
175 websocket_close(1002, "Fragmented control frame"); | 175 if status_code < 1000 then |
176 return false; | 176 websocket_close(1002, "Closed with invalid status code"); |
177 return false; | |
178 elseif ((status_code > 1003 and status_code < 1007) or status_code > 1011) and status_code < 3000 then | |
179 websocket_close(1002, "Cosed with reserved status code"); | |
180 return false; | |
181 end | |
182 end | |
183 end | |
184 | |
185 if opcode >= 0x8 then | |
186 if length > 125 then -- Control frame with too much payload | |
187 websocket_close(1002, "Payload too large"); | |
188 return false; | |
189 end | |
190 | |
191 if not frame.FIN then -- Fragmented control frame | |
192 websocket_close(1002, "Fragmented control frame"); | |
193 return false; | |
194 end | |
177 end | 195 end |
178 | 196 |
179 if (opcode > 0x2 and opcode < 0x8) or (opcode > 0xA) then | 197 if (opcode > 0x2 and opcode < 0x8) or (opcode > 0xA) then |
180 websocket_close(1002, "Reserved opcode"); | 198 websocket_close(1002, "Reserved opcode"); |
181 return false; | 199 return false; |