Changeset 112499 in webkit

Timestamp:

Mar 28, 2012 9:22:12 PM (12 years ago)

Author:

commit-queue@webkit.org

Message:

[WebSocket]Browser must fail connection if Sec-WebSocket-Protocol mismatched.
​https://bugs.webkit.org/show_bug.cgi?id=82307

Patch by Li Yin <​li.yin@intel.com> on 2012-03-28
Reviewed by Kent Tamura.

Source/WebCore:

From RFC6455: ​http://tools.ietf.org/html/rfc6455#section-4.1
If the WebSocket openhanding respond included the mismatched
Sec-WebSocket-Protocol header field, the client must fail the WebSocket Connection.

Test: http/tests/websocket/tests/hybi/handshake-fail-by-mismatch-protocol-header.html

• Modules/websockets/WebSocketHandshake.cpp:

(WebCore::WebSocketHandshake::checkResponseHeaders):

LayoutTests:

From RFC6455: ​http://tools.ietf.org/html/rfc6455#section-4.1
If the response includes a |Sec-WebSocket-Protocol| header field
and this header field indicates the use of a subprotocol that was
not present in the client's handshake (the server has indicated a
subprotocol not requested by the client), the client MUST _Fail
the WebSocket Connection_.

• http/tests/websocket/tests/hybi/handshake-fail-by-mismatch-protocol-header-expected.txt: Added.
• http/tests/websocket/tests/hybi/handshake-fail-by-mismatch-protocol-header.html: Added.
• http/tests/websocket/tests/hybi/handshake-fail-by-mismatch-protocol-header_wsh.py: Added.

(web_socket_do_extra_handshake):
(web_socket_transfer_data):

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-mismatch-protocol-header-expected.txt (added)
• LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-mismatch-protocol-header.html (added)
• LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-mismatch-protocol-header_wsh.py (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/Modules/websockets/WebSocket.cpp (modified) (2 diffs)
• Source/WebCore/Modules/websockets/WebSocket.h (modified) (1 diff)
• Source/WebCore/Modules/websockets/WebSocketHandshake.cpp (modified) (2 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2012-03-28  Li Yin  <li.yin@intel.com>
+
+        [WebSocket]Browser must fail connection if Sec-WebSocket-Protocol mismatched.
+        https://bugs.webkit.org/show_bug.cgi?id=82307
+
+        Reviewed by Kent Tamura.
+
+        From RFC6455: http://tools.ietf.org/html/rfc6455#section-4.1
+        If the response includes a |Sec-WebSocket-Protocol| header field
+        and this header field indicates the use of a subprotocol that was
+        not present in the client's handshake (the server has indicated a
+        subprotocol not requested by the client), the client MUST _Fail
+        the WebSocket Connection_.
+
+        * http/tests/websocket/tests/hybi/handshake-fail-by-mismatch-protocol-header-expected.txt: Added.
+        * http/tests/websocket/tests/hybi/handshake-fail-by-mismatch-protocol-header.html: Added.
+        * http/tests/websocket/tests/hybi/handshake-fail-by-mismatch-protocol-header_wsh.py: Added.
+        (web_socket_do_extra_handshake):
+        (web_socket_transfer_data):
+
 2012-03-28  David Grogan  <dgrogan@chromium.org>
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2012-03-28  Li Yin  <li.yin@intel.com>
+
+        [WebSocket]Browser must fail connection if Sec-WebSocket-Protocol mismatched.
+        https://bugs.webkit.org/show_bug.cgi?id=82307
+
+        Reviewed by Kent Tamura.
+
+        From RFC6455: http://tools.ietf.org/html/rfc6455#section-4.1
+        If the WebSocket openhanding respond included the mismatched
+        Sec-WebSocket-Protocol header field, the client must fail the WebSocket Connection.
+
+        Test: http/tests/websocket/tests/hybi/handshake-fail-by-mismatch-protocol-header.html
+
+        * Modules/websockets/WebSocketHandshake.cpp:
+        (WebCore::WebSocketHandshake::checkResponseHeaders):
+
 2012-03-28  Jessie Berlin  <jberlin@apple.com>
 

trunk/Source/WebCore/Modules/websockets/WebSocket.cpp

@@ -146 +146 @@
 {
     return webSocketsAvailable;
+}
+
+const char* WebSocket::subProtocolSeperator()
+{
+    return ", ";
 }
 
@@ -268 +273 @@
 
         if (!protocols.isEmpty())
-            protocolString = joinStrings(protocols, ", ");
+            protocolString = joinStrings(protocols, subProtocolSeperator());
     }
 

trunk/Source/WebCore/Modules/websockets/WebSocket.h

@@ -54 +54 @@
     static void setIsAvailable(bool);
     static bool isAvailable();
+    static const char* subProtocolSeperator();
     static PassRefPtr<WebSocket> create(ScriptExecutionContext*);
     virtual ~WebSocket();

trunk/Source/WebCore/Modules/websockets/WebSocketHandshake.cpp

@@ -35 +35 @@
 
 #include "WebSocketHandshake.h"
+#include "WebSocket.h"
 
 #include "Base64.h"
@@ -728 +729 @@
             return false;
         }
+        if (!serverWebSocketProtocol.isNull()) {
+            if (m_clientProtocol.isEmpty()) {
+                m_failureReason = "Error during WebSocket handshake: Sec-WebSocket-Protocol mismatch";
+                return false;
+            }
+            Vector<String> result;
+            m_clientProtocol.split(String(WebSocket::subProtocolSeperator()), result);
+            if (!result.contains(serverWebSocketProtocol)) {
+                m_failureReason = "Error during WebSocket handshake: Sec-WebSocket-Protocol mismatch";
+                return false;
+            }
+        }
     }
     return true;