Project

General

Profile

Bug #2858

Wrong websocket frametype if frame is longer then UINT16_MAX

Added by rschmid 11 months ago. Updated 9 months ago.

Status:
Fixed
Priority:
Normal
Assignee:
-
Category:
mod_wstunnel
Target version:
Start date:
2018-01-19
Due date:
% Done:

100%

Estimated time:
Missing in 1.5.x:

Description

Hello,

I tried mod_wstunnel in lighttpd 1.4.48. If the framesize is bigger then UINT16_MAX in RFC 6455 the frametype in websocket header buffer (mem) on pos 0 is been overwriten by

memset(mem, 0, sizeof(mem)); 
(mod_wstunnel.c line 1125).

Associated revisions

Revision 30fe3684 (diff)
Added by gstrauss 11 months ago

[mod_wstunnel] fix for frames larger than 64k (fixes #2858)

(thx rschmid)

x-ref:
"Wrong websocket frametype if frame is longer then UINT16_MAX"
https://redmine.lighttpd.net/issues/2858

History

#1

Updated by stbuehler 11 months ago

That line also doesn't seem to be needed for something else given the other 9 bytes are all explicitly set.

#2

Updated by rschmid 11 months ago

stbuehler wrote:

That line also doesn't seem to be needed for something else given the other 9 bytes are all explicitly set.

you are right

This diff worked for me

--- a/src/mod_wstunnel.c    2018-01-19 12:17:14.774391315 +0100
+++ b/src/mod_wstunnel.c    2018-01-19 12:18:32.061732967 +0100
@@ -1122,7 +1122,6 @@ static int send_rfc_6455(handler_ctx *hc
         len = 1+MOD_WEBSOCKET_FRAME_LEN16_CNT+1;
     }
     else {
-        memset(mem, 0, sizeof(mem));
         mem[1] = MOD_WEBSOCKET_FRAME_LEN63;
         mem[2] = 0;
         mem[3] = 0;
#3

Updated by gstrauss 11 months ago

  • Category set to mod_wstunnel
  • Status changed from New to Patch Pending
  • Target version changed from 1.4.x to 1.4.49

Yes, that's a bug. Sorry. Will push a fix to lighttpd git master soon.

#4

Updated by gstrauss 11 months ago

  • Status changed from Patch Pending to Fixed
  • % Done changed from 0 to 100
#5

Updated by pidloop 9 months ago

Thanks for finding and fixing this one, it was critical to my application. I had been using 1.4.48 and was getting "Received unexpected continuation frame" whenever my backend process would send a large message. 1.4.49 fixed it and now it works great. I'll now go make a donation!

BTW, I am using Centos 7 which still only has 1.4.48 in its default repository. Not sure who manages that but it would be great if this could be updated to 1.4.49 to save me the trouble of building lighttpd 1.4.19 from source on my other systems.

Thanks again!

#6

Updated by avij 9 months ago

You are likely using lighttpd from EPEL. CentOS itself does not have lighttpd. Try "yum update --enablerepo=epel-testing". If it works, please give positive karma on https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-2a3d51dc83 to make the package move from testing to stable quicker.

Also available in: Atom