From nobody Mon Feb 9 09:51:53 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1504893283847830.8815292345322; Fri, 8 Sep 2017 10:54:43 -0700 (PDT) Received: from localhost ([::1]:46749 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dqNUI-00064H-Sj for importer@patchew.org; Fri, 08 Sep 2017 13:54:42 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:40111) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dqNFQ-0000L1-Q2 for qemu-devel@nongnu.org; Fri, 08 Sep 2017 13:39:21 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dqNFP-0008L2-Ig for qemu-devel@nongnu.org; Fri, 08 Sep 2017 13:39:20 -0400 Received: from mail-pg0-x22a.google.com ([2607:f8b0:400e:c05::22a]:32777) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dqNFP-0008KG-DB for qemu-devel@nongnu.org; Fri, 08 Sep 2017 13:39:19 -0400 Received: by mail-pg0-x22a.google.com with SMTP id t3so5955942pgt.0 for ; Fri, 08 Sep 2017 10:39:19 -0700 (PDT) Received: from servo.cypherpath.com (68-113-0-218.static.knwc.wa.charter.com. [68.113.0.218]) by smtp.gmail.com with ESMTPSA id c30sm4556833pgn.33.2017.09.08.10.39.17 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 08 Sep 2017 10:39:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cypherpath.com; s=google; h=mime-version:from:to:cc:subject:date:message-id:in-reply-to :references:in-reply-to:references; bh=0VmBw3vqQ+DycFtgUChZiVJJOdmH1XwXIJ2fJl1tV2Y=; b=C+pUs/o6UATmy2etRmysHkM9dB406XIulWlcyKH5RABk4GUlgT7+FboPh7xN5PFAaa zPvGnPd+Q0+1vULkbmv6SjhCeBQocJ2SwASJOP6Nuhsm3Jm8ih6AJYQ70c237gOFCqx3 JVJzbcJPE0OgABq/QHAU/+Okpq/t2aIODnTjI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:to:cc:subject:date:message-id :in-reply-to:references:in-reply-to:references; bh=0VmBw3vqQ+DycFtgUChZiVJJOdmH1XwXIJ2fJl1tV2Y=; b=io28GhFXMo6Ahlq1+/F7WUKykNiMhJukgNA1YSCgmQQF9QLGboq5LWCUMNWnXmCFFJ y7xOk1NfTt7yk5tsZLPw2g7+JXG/FHpOe3/XGF5qrkS+QwE5Vu+i26EmNtk/FrBfifAP 26R+Lm1HmXViOUIKVH4arWprIaduZtx3ByQYS8Z960gWvNVGrG2mu9VLajvgteTZ8/a+ avqI/HQTOWEHWkQKkitW/1cXGSqQXLD+IBSoZt3AuGd6Gkcf5ExmZFOVTD/j4F0K+4Ed GbZsrK98UhNB1mgDRdgwUg4EbzCDmyc+5D9y37PM927YLAgnKOGRKNiQEWCcmnNeOPG5 WdLQ== X-Gm-Message-State: AHPjjUhU9fs2iNb8Zt2DPiGXV1/zxGFu3WHla699fTS6+Yhz8WXmD9lQ tLqnsAr8pHSk5cCGyU6QHy7jtRPhayvPtclJKitNVCRnKznYkL9yjtKGxNxt9VvvjvEWJzs9+// Tvkyr MIME-Version: 1.0 X-Google-Smtp-Source: ADKCNb6PeYMMQp82PO5dpEqBv4nG4WPR+7sHHbg6WnEGo+ub+sH/736q9SYFdWf+xtn0T9f0Cd2Ncg== X-Received: by 10.98.152.209 with SMTP id d78mr3907996pfk.58.1504892358323; Fri, 08 Sep 2017 10:39:18 -0700 (PDT) From: Brandon Carpenter To: qemu-devel@nongnu.org Date: Fri, 8 Sep 2017 10:38:00 -0700 Message-Id: <20170908173801.15205-6-brandon.carpenter@cypherpath.com> X-Mailer: git-send-email 2.14.1 In-Reply-To: <20170908173801.15205-1-brandon.carpenter@cypherpath.com> References: <20170908173801.15205-1-brandon.carpenter@cypherpath.com> In-Reply-To: <20170724184217.21381-1-brandon.carpenter@cypherpath.com> References: <20170724184217.21381-1-brandon.carpenter@cypherpath.com> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2607:f8b0:400e:c05::22a Subject: [Qemu-devel] [PATCH v2 5/6] io: Ignore websocket PING and PONG frames X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: brandon.carpenter@cypherpath.com Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Keep pings and gratuitous pongs generated by web browsers from killing websocket connections. Signed-off-by: Brandon Carpenter --- io/channel-websock.c | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/io/channel-websock.c b/io/channel-websock.c index 3183aeff77..50387050d5 100644 --- a/io/channel-websock.c +++ b/io/channel-websock.c @@ -86,6 +86,7 @@ #define QIO_CHANNEL_WEBSOCK_HEADER_FIELD_OPCODE 0x0f #define QIO_CHANNEL_WEBSOCK_HEADER_FIELD_HAS_MASK 0x80 #define QIO_CHANNEL_WEBSOCK_HEADER_FIELD_PAYLOAD_LEN 0x7f +#define QIO_CHANNEL_WEBSOCK_CONTROL_OPCODE_MASK 0x8 =20 typedef struct QIOChannelWebsockHeader QIOChannelWebsockHeader; =20 @@ -565,8 +566,11 @@ static int qio_channel_websock_decode_header(QIOChanne= lWebsock *ioc, return -1; } } else { - if (opcode !=3D QIO_CHANNEL_WEBSOCK_OPCODE_BINARY_FRAME) { - error_setg(errp, "only binary websocket frames are supported"); + if (opcode !=3D QIO_CHANNEL_WEBSOCK_OPCODE_BINARY_FRAME && + opcode !=3D QIO_CHANNEL_WEBSOCK_OPCODE_PING && + opcode !=3D QIO_CHANNEL_WEBSOCK_OPCODE_PONG) { + error_setg(errp, "unsupported opcode: %#04x; only binary, ping= , " + "and pong websocket frames are supported", op= code); return -1; } } @@ -579,6 +583,9 @@ static int qio_channel_websock_decode_header(QIOChannel= Websock *ioc, ioc->payload_remain =3D payload_len; header_size =3D QIO_CHANNEL_WEBSOCK_HEADER_LEN_7_BIT; ioc->mask =3D header->u.m; + } else if (opcode & QIO_CHANNEL_WEBSOCK_CONTROL_OPCODE_MASK) { + error_setg(errp, "websocket control frame is too large"); + return -1; } else if (payload_len =3D=3D QIO_CHANNEL_WEBSOCK_PAYLOAD_LEN_MAGIC_16= _BIT && ioc->encinput.offset >=3D QIO_CHANNEL_WEBSOCK_HEADER_LEN_16= _BIT) { ioc->payload_remain =3D be16_to_cpu(header->u.s16.l16); @@ -634,9 +641,15 @@ static int qio_channel_websock_decode_payload(QIOChann= elWebsock *ioc, } } =20 + /* Drop the payload of ping/pong packets */ + if (ioc->opcode =3D=3D QIO_CHANNEL_WEBSOCK_OPCODE_BINARY_FRAME) { + if (payload_len) { + buffer_reserve(&ioc->rawinput, payload_len); + buffer_append(&ioc->rawinput, ioc->encinput.buffer, payload_le= n); + } + } + if (payload_len) { - buffer_reserve(&ioc->rawinput, payload_len); - buffer_append(&ioc->rawinput, ioc->encinput.buffer, payload_len); buffer_advance(&ioc->encinput, payload_len); } return 0; --=20 2.14.1 --=20 CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is=20 for the sole use of the intended recipient(s) and may contain proprietary,=20 confidential or privileged information or otherwise be protected by law.=20 Any unauthorized review, use, disclosure or distribution is prohibited. If=20 you are not the intended recipient, please notify the sender and destroy=20 all copies and the original message.