Mercurial > prosody-modules
diff mod_websocket/mod_websocket.lua @ 1029:9d85aded2fb6
mod_websocket: Add some more error checks for close frames
author | Florian Zeitz <florob@babelmonkeys.de> |
---|---|
date | Thu, 30 May 2013 23:55:13 +0200 |
parents | 81065638299d |
children | bbe278a56b0a |
line wrap: on
line diff
--- a/mod_websocket/mod_websocket.lua Thu May 30 23:49:14 2013 +0200 +++ b/mod_websocket/mod_websocket.lua Thu May 30 23:55:13 2013 +0200 @@ -166,14 +166,32 @@ return false; end - if opcode >= 0x8 and length > 125 then -- Control frame with too much payload - websocket_close(1002, "Payload too large"); - return false; + if opcode == 0x8 then + if length == 1 then + websocket_close(1002, "Close frame with payload, but too short for status code"); + return false; + elseif length >= 2 then + local status_code = s_byte(frame.data, 1) * 256 + s_byte(frame.data, 2) + if status_code < 1000 then + websocket_close(1002, "Closed with invalid status code"); + return false; + elseif ((status_code > 1003 and status_code < 1007) or status_code > 1011) and status_code < 3000 then + websocket_close(1002, "Cosed with reserved status code"); + return false; + end + end end - if opcode >= 0x8 and not frame.FIN then -- Fragmented control frame - websocket_close(1002, "Fragmented control frame"); - return false; + if opcode >= 0x8 then + if length > 125 then -- Control frame with too much payload + websocket_close(1002, "Payload too large"); + return false; + end + + if not frame.FIN then -- Fragmented control frame + websocket_close(1002, "Fragmented control frame"); + return false; + end end if (opcode > 0x2 and opcode < 0x8) or (opcode > 0xA) then