fix issues caused by websocket frame fragmentation by pjknkda · Pull Request #1962 · aio-libs/aiohttp

pjknkda · 2017-06-06T18:50:32Z

What do these changes do?

This MR fixes issues caused by websocket frame fragmentation.

Based on autobahn-testsuite, there were several bugs in websocket implementation which is mainly caused by wrong handling of fragmented frames.

The rationale of deleting the test case "test_parse_frame_header_continuation" is that according to RFC6455 Section 5.5, control frames can be injected in the middle of a fragmented message and therefore we cannot reject the frame only seeing the "FIN" flag of the last frame. Also, test for invalid continuation frame without preceding text/binary frame is done by test case "test_unknown_frame".

Here is the report generated from autobahn-testsuite.

Related issue number

#1845, #1951

Checklist

I think the code is well written
Unit tests for the changes exist
Documentation reflects the changes
If you provide code modification, please add yourself to CONTRIBUTORS.txt
- The format is <Name> <Surname>.
- Please keep alphabetical order, the file is sorted by names.
Add a new entry to CHANGES.rst
- Choose any open position to avoid merge conflicts with other PRs.
- Add a link to the issue you are fixing (if any) using #issue_number format at the end of changelog message. Use Pull Request number if there are no issues for PR or PR covers the issue only partially.

codecov-io · 2017-06-06T19:03:46Z

Codecov Report

Merging #1962 into master will increase coverage by 0.02%.
The diff coverage is 100%.

@@            Coverage Diff             @@
##           master    #1962      +/-   ##
==========================================
+ Coverage   97.05%   97.08%   +0.02%     
==========================================
  Files          37       37              
  Lines        7612     7609       -3     
  Branches     1328     1327       -1     
==========================================
- Hits         7388     7387       -1     
+ Misses        101      100       -1     
+ Partials      123      122       -1

Impacted Files	Coverage Δ
aiohttp/http_websocket.py	`98.74% <100%> (+0.6%)`	⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 6a902ff...03984c2. Read the comment docs.

asvetlov

The PR is good after fixing minor notes.
@fafhrd91 ?

asvetlov · 2017-06-07T12:44:52Z

CHANGES.rst

 -

-
+- Fix websocket issues caused by frame fragmentation.


Please add #1962 at the end of line

asvetlov · 2017-06-07T12:46:45Z

aiohttp/http_websocket.py

            if self._state == WSParserState.READ_HEADER:
                if buf_length - start_pos >= 2:
-                    data = buf[start_pos:start_pos+2]
+                    data = buf[start_pos:start_pos + 2]


Please don't touch what is not broken: spaces are not required here.

asvetlov · 2017-06-07T12:46:55Z

aiohttp/http_websocket.py

                if length == 126:
                    if buf_length - start_pos >= 2:
-                        data = buf[start_pos:start_pos+2]
+                        data = buf[start_pos:start_pos + 2]


asvetlov · 2017-06-07T12:47:04Z

aiohttp/http_websocket.py

                elif length > 126:
                    if buf_length - start_pos >= 8:
-                        data = buf[start_pos:start_pos+8]
+                        data = buf[start_pos:start_pos + 8]


asvetlov · 2017-06-07T12:47:13Z

aiohttp/http_websocket.py

            if self._state == WSParserState.READ_PAYLOAD_MASK:
                if buf_length - start_pos >= 4:
-                    self._frame_mask = buf[start_pos:start_pos+4]
+                    self._frame_mask = buf[start_pos:start_pos + 4]


asvetlov · 2017-06-07T12:47:22Z

aiohttp/http_websocket.py

                else:
                    self._payload_length = 0
-                    payload.extend(buf[start_pos:start_pos+length])
+                    payload.extend(buf[start_pos:start_pos + length])


pjknkda · 2017-06-07T13:47:56Z

@asvetlov I've fixed the commit according to your comments. Thank you for reviewing!

fafhrd91 · 2017-06-07T14:01:41Z

Lgtm

fafhrd91 · 2017-06-07T22:17:41Z

@asvetlov ping

fafhrd91 · 2017-06-07T23:32:27Z

@pjknkda btw did you run autobahn test suit against your fix?

pjknkda · 2017-06-08T01:19:06Z

@fafhrd91 Yes I did. The second test report (this) is the result against my fix.

fafhrd91 · 2017-06-08T01:29:24Z

Awesome! Thanks

lock · 2019-10-28T23:04:25Z

This thread has been automatically locked since there has not been
any recent activity after it was closed. Please open a new issue for
related bugs.

If you feel like there's important points made in this discussion,
please include those exceprts into that new issue.

pjknkda changed the title ~~fix issues caused by websocket fragmentation~~ fix issues caused by websocket frame fragmentation Jun 6, 2017

pjknkda mentioned this pull request Jun 7, 2017

Websocket flow control is broken (deadlock+memory leak on websocket.receive) #1845

Closed

asvetlov requested changes Jun 7, 2017

View reviewed changes

fix issues caused by websocket fragmentation

03984c2

fafhrd91 merged commit 6b85bcd into aio-libs:master Jun 8, 2017

asvetlov mentioned this pull request Jun 12, 2017

Websocket issues while headers are fragmented #1951

Closed

lock bot added the outdated label Oct 28, 2019

lock bot locked as resolved and limited conversation to collaborators Oct 28, 2019

Uh oh!

Conversation

pjknkda commented Jun 6, 2017 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

What do these changes do?

Related issue number

Checklist

Uh oh!

codecov-io commented Jun 6, 2017 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

asvetlov left a comment

Choose a reason for hiding this comment

Uh oh!

asvetlov Jun 7, 2017

Choose a reason for hiding this comment

Uh oh!

asvetlov Jun 7, 2017

Choose a reason for hiding this comment

Uh oh!

asvetlov Jun 7, 2017

Choose a reason for hiding this comment

Uh oh!

asvetlov Jun 7, 2017

Choose a reason for hiding this comment

Uh oh!

asvetlov Jun 7, 2017

Choose a reason for hiding this comment

Uh oh!

asvetlov Jun 7, 2017

Choose a reason for hiding this comment

Uh oh!

pjknkda commented Jun 7, 2017 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

fafhrd91 commented Jun 7, 2017

Uh oh!

fafhrd91 commented Jun 7, 2017

Uh oh!

fafhrd91 commented Jun 7, 2017

Uh oh!

pjknkda commented Jun 8, 2017

Uh oh!

fafhrd91 commented Jun 8, 2017

Uh oh!

lock bot commented Oct 28, 2019

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

pjknkda commented Jun 6, 2017 •

edited

Loading

codecov-io commented Jun 6, 2017 •

edited

Loading

pjknkda commented Jun 7, 2017 •

edited

Loading