# HG changeset patch # User Florian Zeitz # Date 1369950913 -7200 # Node ID 9d85aded2fb6a4da372f1e52d30e0941faad751c # Parent 81065638299df62880261220dfe2264354847043 mod_websocket: Add some more error checks for close frames diff -r 81065638299d -r 9d85aded2fb6 mod_websocket/mod_websocket.lua --- a/mod_websocket/mod_websocket.lua Thu May 30 23:49:14 2013 +0200 +++ b/mod_websocket/mod_websocket.lua Thu May 30 23:55:13 2013 +0200 @@ -166,14 +166,32 @@ return false; end - if opcode >= 0x8 and length > 125 then -- Control frame with too much payload - websocket_close(1002, "Payload too large"); - return false; + if opcode == 0x8 then + if length == 1 then + websocket_close(1002, "Close frame with payload, but too short for status code"); + return false; + elseif length >= 2 then + local status_code = s_byte(frame.data, 1) * 256 + s_byte(frame.data, 2) + if status_code < 1000 then + websocket_close(1002, "Closed with invalid status code"); + return false; + elseif ((status_code > 1003 and status_code < 1007) or status_code > 1011) and status_code < 3000 then + websocket_close(1002, "Cosed with reserved status code"); + return false; + end + end end - if opcode >= 0x8 and not frame.FIN then -- Fragmented control frame - websocket_close(1002, "Fragmented control frame"); - return false; + if opcode >= 0x8 then + if length > 125 then -- Control frame with too much payload + websocket_close(1002, "Payload too large"); + return false; + end + + if not frame.FIN then -- Fragmented control frame + websocket_close(1002, "Fragmented control frame"); + return false; + end end if (opcode > 0x2 and opcode < 0x8) or (opcode > 0xA) then
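Review bot: In the new `opcode == 0x8` branch, the reserved-code test is capped by `status_code < 3000` and nothing checks the upper end, so a close frame whose status code is 5000 or higher is accepted as valid. The value is read from two bytes and can be as large as 65535, while RFC 6455 only defines ranges up to 4999. Consider adding an `elseif status_code > 4999 then` branch that also calls `websocket_close(1002, ...)` and returns false. Two smaller points in the same branch: the reason string "Cosed with reserved status code" is misspelled, and the `local status_code = ...` line is missing the trailing semicolon used by the other statements in this hunk.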