2009-11-11 Fumitoshi Ukai <ukai@chromium.org>
author ukai@chromium.org <ukai@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 12 Nov 2009 04:17:59 +0000 (04:17 +0000)
committer ukai@chromium.org <ukai@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 12 Nov 2009 04:17:59 +0000 (04:17 +0000)
        Reviewed by Alexey Proskuryakov.

        Fix WebSocket frame parser of frame_type with high-order bit set.
        https://bugs.webkit.org/show_bug.cgi?id=30668

        * websocket/tests/frame-length-longer-than-buffer-expected.txt: Added.
        * websocket/tests/frame-length-longer-than-buffer.html: Added.
        * websocket/tests/frame-length-longer-than-buffer_wsh.py: Added.
        * websocket/tests/frame-length-skip-expected.txt: Added.
        * websocket/tests/frame-length-skip.html: Added.
        * websocket/tests/frame-length-skip_wsh.py: Added.
        * websocket/tests/script-tests/frame-length-longer-than-buffer.js: Added.
        * websocket/tests/script-tests/frame-length-skip.js: Added.
2009-11-11  Fumitoshi Ukai  <ukai@chromium.org>

        Reviewed by Alexey Proskuryakov.

        Fix WebSocket frame parser of frame_type with high-order bit set.
        https://bugs.webkit.org/show_bug.cgi?id=30668

        If buffer is smaller than frame's length, it should break the loop
        instead of reading next byte.

        Tests: websocket/tests/frame-length-longer-than-buffer.html
               websocket/tests/frame-length-skip.html

        * websockets/WebSocketChannel.cpp:
        (WebCore::WebSocketChannel::didReceiveData):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@50862 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/websocket/tests/frame-length-longer-than-buffer-expected.txt [new file with mode: 0644]
LayoutTests/websocket/tests/frame-length-longer-than-buffer.html [new file with mode: 0644]
LayoutTests/websocket/tests/frame-length-longer-than-buffer_wsh.py [new file with mode: 0644]
LayoutTests/websocket/tests/frame-length-skip-expected.txt [new file with mode: 0644]
LayoutTests/websocket/tests/frame-length-skip.html [new file with mode: 0644]
LayoutTests/websocket/tests/frame-length-skip_wsh.py [new file with mode: 0644]
LayoutTests/websocket/tests/script-tests/frame-length-longer-than-buffer.js [new file with mode: 0644]
LayoutTests/websocket/tests/script-tests/frame-length-skip.js [new file with mode: 0644]
WebCore/ChangeLog
WebCore/websockets/WebSocketChannel.cpp

index a755f90..e1a7bc6 100644 (file)
@@ -1,3 +1,19 @@
+2009-11-11  Fumitoshi Ukai  <ukai@chromium.org>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Fix WebSocket frame parser of frame_type with high-order bit set.
+        https://bugs.webkit.org/show_bug.cgi?id=30668
+
+        * websocket/tests/frame-length-longer-than-buffer-expected.txt: Added.
+        * websocket/tests/frame-length-longer-than-buffer.html: Added.
+        * websocket/tests/frame-length-longer-than-buffer_wsh.py: Added.
+        * websocket/tests/frame-length-skip-expected.txt: Added.
+        * websocket/tests/frame-length-skip.html: Added.
+        * websocket/tests/frame-length-skip_wsh.py: Added.
+        * websocket/tests/script-tests/frame-length-longer-than-buffer.js: Added.
+        * websocket/tests/script-tests/frame-length-skip.js: Added.
+
 2009-11-11  Csaba Osztrogon√°c  <ossy@webkit.org>
 
         Put tests into skiplist added in r50830 and r50839 because
diff --git a/LayoutTests/websocket/tests/frame-length-longer-than-buffer-expected.txt b/LayoutTests/websocket/tests/frame-length-longer-than-buffer-expected.txt
new file mode 100644 (file)
index 0000000..d9c7e6e
--- /dev/null
@@ -0,0 +1,12 @@
+Make sure WebSocket correctly skip lengthed frame even if received data has incomplete frame.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+WebSocket is open
+received:hello
+1
+PASS areArraysEqual(received_messages, expected_messages) is true
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/websocket/tests/frame-length-longer-than-buffer.html b/LayoutTests/websocket/tests/frame-length-longer-than-buffer.html
new file mode 100644 (file)
index 0000000..a33b742
--- /dev/null
@@ -0,0 +1,13 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<link rel="stylesheet" href="../../fast/js/resources/js-test-style.css">
+<script src="../../fast/js/resources/js-test-pre.js"></script>
+<script src="../../fast/js/resources/js-test-post-function.js"></script>
+</head>
+<body>
+<div id="description"></div>
+<div id="console"></div>
+<script src="script-tests/frame-length-longer-than-buffer.js"></script>
+</body>
+</html>
diff --git a/LayoutTests/websocket/tests/frame-length-longer-than-buffer_wsh.py b/LayoutTests/websocket/tests/frame-length-longer-than-buffer_wsh.py
new file mode 100644 (file)
index 0000000..8ad868b
--- /dev/null
@@ -0,0 +1,10 @@
+def web_socket_do_extra_handshake(request):
+  pass
+
+def web_socket_transfer_data(request):
+  msg = "\0hello\xff"
+  msg += "\x80\x81\x81"
+  msg += "\x01\xff"
+  msg += "\0should be skipped\xff"
+  request.connection.write(msg)
+  print msg
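Review bot: The bytes in `msg += "\x80\x81\x81"` and `msg += "\x01\xff"` have no comment saying which byte is the frame type, which are length bytes, and what length they declare, so the handler does not show why the data that follows counts as "longer than buffer". Add a short comment giving the declared length and stating that fewer bytes than that are sent on purpose. The trailing `print msg` writes raw `\0` and `\xff` bytes to stdout and looks like leftover debugging; drop it unless the harness relies on it.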
diff --git a/LayoutTests/websocket/tests/frame-length-skip-expected.txt b/LayoutTests/websocket/tests/frame-length-skip-expected.txt
new file mode 100644 (file)
index 0000000..6ce6d0d
--- /dev/null
@@ -0,0 +1,13 @@
+Make sure WebSocket correctly skip lengthed frame.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+WebSocket is open
+received:hello
+received:world
+2
+PASS areArraysEqual(received_messages, expected_messages) is true
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/websocket/tests/frame-length-skip.html b/LayoutTests/websocket/tests/frame-length-skip.html
new file mode 100644 (file)
index 0000000..895617f
--- /dev/null
@@ -0,0 +1,13 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<link rel="stylesheet" href="../../fast/js/resources/js-test-style.css">
+<script src="../../fast/js/resources/js-test-pre.js"></script>
+<script src="../../fast/js/resources/js-test-post-function.js"></script>
+</head>
+<body>
+<div id="description"></div>
+<div id="console"></div>
+<script src="script-tests/frame-length-skip.js"></script>
+</body>
+</html>
diff --git a/LayoutTests/websocket/tests/frame-length-skip_wsh.py b/LayoutTests/websocket/tests/frame-length-skip_wsh.py
new file mode 100644 (file)
index 0000000..5571691
--- /dev/null
@@ -0,0 +1,11 @@
+def web_socket_do_extra_handshake(request):
+  pass
+
+def web_socket_transfer_data(request):
+  msg = "\0hello\xff"
+  msg += "\x80\x81\x81"
+  msg += "\x01"
+  msg += "\0should be skipped" + (" " * 109) + "\xff"
+  msg += "\0world\xff"
+  request.connection.write(msg)
+  print msg
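Review bot: The constant in `"\0should be skipped" + (" " * 109) + "\xff"` is presumably sized to match the length declared by the preceding `"\x80\x81\x81"` and `"\x01"` bytes, but nothing in the handler ties 109 to that length. Derive the padding from a named length value, or add a comment with the arithmetic, so the test does not silently stop exercising the skip path when either side is edited.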
diff --git a/LayoutTests/websocket/tests/script-tests/frame-length-longer-than-buffer.js b/LayoutTests/websocket/tests/script-tests/frame-length-longer-than-buffer.js
new file mode 100644 (file)
index 0000000..78d629c
--- /dev/null
@@ -0,0 +1,34 @@
+description("Make sure WebSocket correctly skip lengthed frame even if received data has incomplete frame.");
+if (window.layoutTestController)
+    layoutTestController.waitUntilDone();
+
+var received_messages = [];
+var expected_messages = ["hello"];
+function finish() {
+    debug(received_messages.length);
+    for (var i = 0; i < received_messages; i++) {
+        debug("received[" + i + "]=" + received_messages[i]);
+    }
+
+    shouldBeTrue("areArraysEqual(received_messages, expected_messages)");
+
+    isSuccessfullyParsed();
+    if (window.layoutTestController)
+        layoutTestController.notifyDone();
+}
+
+var ws = new WebSocket("ws://localhost:8880/websocket/tests/frame-length-longer-than-buffer");
+ws.onopen = function () {
+    debug("WebSocket is open");
+};
+ws.onmessage = function (evt) {
+    debug("received:" + evt.data);
+    received_messages.push(evt.data);
+};
+ws.close = function () {
+    debug("WebSocket is closed");
+    finish();
+};
+setTimeout("finish()", 2000);
+
+var successfullyParsed = true;
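Review bot: In `finish()`, the loop condition `i < received_messages` compares the index with the array itself rather than with `received_messages.length`, so the `debug("received[" + i + "]=" ...)` lines are not printed as intended. Use `i < received_messages.length` and update the -expected.txt file to match, or drop the loop. Separately, `ws.close = function () {...}` replaces the socket's `close` method instead of registering a handler, so `finish()` is reached only through `setTimeout("finish()", 2000)`; if a close handler was meant, assign `ws.onclose` and guard `finish()` against running twice.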
diff --git a/LayoutTests/websocket/tests/script-tests/frame-length-skip.js b/LayoutTests/websocket/tests/script-tests/frame-length-skip.js
new file mode 100644 (file)
index 0000000..0438796
--- /dev/null
@@ -0,0 +1,34 @@
+description("Make sure WebSocket correctly skip lengthed frame.");
+if (window.layoutTestController)
+    layoutTestController.waitUntilDone();
+
+var received_messages = [];
+var expected_messages = ["hello", "world"];
+function finish() {
+    debug(received_messages.length);
+    for (var i = 0; i < received_messages; i++) {
+        debug("received[" + i + "]=" + received_messages[i]);
+    }
+
+    shouldBeTrue("areArraysEqual(received_messages, expected_messages)");
+
+    isSuccessfullyParsed();
+    if (window.layoutTestController)
+        layoutTestController.notifyDone();
+}
+
+var ws = new WebSocket("ws://localhost:8880/websocket/tests/frame-length-skip");
+ws.onopen = function () {
+    debug("WebSocket is open");
+};
+ws.onmessage = function (evt) {
+    debug("received:" + evt.data);
+    received_messages.push(evt.data);
+};
+ws.close = function () {
+    debug("WebSocket is closed");
+    finish();
+};
+setTimeout("finish()", 2000);
+
+var successfullyParsed = true;
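Review bot: `ws.close = function () {...}` overwrites the `close` method rather than setting a close handler, so the "WebSocket is closed" path never fires on its own and the test always waits for the 2000 ms `setTimeout("finish()", 2000)`. Assign `ws.onclose` if that was the intent, and make `finish()` idempotent so the timer and the handler cannot both report. The loop in `finish()` also uses `i < received_messages` where `i < received_messages.length` is needed; fixing it changes the output, so the expected file must be regenerated.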
index 1dbce8d..034a1ae 100644 (file)
@@ -1,3 +1,19 @@
+2009-11-11  Fumitoshi Ukai  <ukai@chromium.org>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Fix WebSocket frame parser of frame_type with high-order bit set.
+        https://bugs.webkit.org/show_bug.cgi?id=30668
+
+        If buffer is smaller than frame's length, it should break the loop
+        instead of reading next byte.
+
+        Tests: websocket/tests/frame-length-longer-than-buffer.html
+               websocket/tests/frame-length-skip.html
+
+        * websockets/WebSocketChannel.cpp:
+        (WebCore::WebSocketChannel::didReceiveData):
+
 2009-11-11  Yusuke Sato  <yusukes@chromium.org>
 
         Reviewed by Adam Barth.
index e71c0fa..a770262 100644 (file)
@@ -197,7 +197,8 @@ void WebSocketChannel::didReceiveData(SocketStreamHandle* handle, const char* da
             if (p + length < end) {
                 p += length;
                 nextFrame = p;
-            }
+            } else
+                break;
         } else {
             const char* msgStart = p;
             while (p < end && *p != '\xff')
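Review bot: The check `if (p + length < end)` that the new `else break;` hangs off forms `p + length` before `length` has been validated, and `length` is parsed from the received data. When it exceeds the bytes remaining, the pointer is computed past the end of the buffer, which is undefined behaviour and can wrap so that the comparison passes. Compare against the remaining size instead, for example `length < end - p`. With `<`, a frame whose payload ends exactly at `end` also takes the `break` path; please confirm that waiting for more data in that case is intended rather than an off-by-one. Style: the `if` arm is braced and the `else` arm is not; brace both or neither.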