Commit Graph

332 Commits

Author SHA1 Message Date
Matt Silverlock c3e18be99d
Create release-drafter.yml (#538) 2019-08-24 18:20:11 -07:00
Matt Silverlock 5b740c2926
Read Limit Fix (#537)
This fix addresses a potential denial-of-service (DoS) vector that can cause an integer overflow in the presence of malicious WebSocket frames.

The fix adds additional checks against the remaining bytes on a connection, as well as a test to prevent regression.

Credit to Max Justicz (https://justi.cz/) for discovering and reporting this, as well as providing a robust PoC and review.

* build: go.mod to go1.12
* bugfix: fix DoS vector caused by readLimit bypass
* test: update TestReadLimit sub-test
* bugfix: payload length 127 should read bytes as uint64
* bugfix: defend against readLength overflows
2019-08-24 18:17:28 -07:00
xiaobogaga 7e9819d926 fix typos (#532) 2019-08-23 06:05:46 -07:00
Matt Silverlock ae1634f6a9
Create CircleCI config.yml (#519)
* Create config.yml
* Delete .travis.yml
* Added CircleCI badge to README
* Add golint; run on latest only
2019-06-29 11:55:28 -07:00
Jürgen Etzlstorfer 80c2d40e9b fix autobahn test suite link (#503) 2019-04-26 23:03:06 -05:00
Tariq Ibrahim 6a67f44b69 remove redundant err!=nil check in conn.go Close method (#505) 2019-04-26 23:02:11 -05:00
Gary Burd 0ec3d1bd7f
Fix typo 2019-03-05 16:42:57 -08:00
Steven Scott 856ca61301 Add buffer commentary 2019-03-05 16:15:07 -08:00
Saddam H 7c8e298727 Add support for go-module 2019-02-04 16:44:14 -08:00
Steven Scott 8ab6030ad9 Add JoinMessages
Fixes #441.

Issue #441 specified a message separator. This PR has a message terminator. A message terminator can be read immediately following a message. A message separator cannot be read until the start of the next message. The message terminator is more useful when the reader is scanning to the terminator before performing some action.
2019-02-04 16:42:47 -08:00
Ankur Gupta 95ba29eb98 Updated autobahn test suite URL
Fixes #436
2018-12-05 23:02:39 -08:00
kanozec 483fb8d7c3 Add "in bytes" to sizes in documentation 2018-10-30 07:45:53 -07:00
Jeff R. Allen 76e4896901 Fix formatting problem in the docs. (#435)
Sorry for the dumbest PR ever, but this tiny addition of a period changes the formatting of this sentence from a header to a regular paragraph in godoc.
2018-10-11 19:01:31 -07:00
Steven Scott a51a35ae32 Improve header parsing code
Because the net/http server removes \r\n from multi-line header values,
there's no need to to check for \r or \n when skipping whitespace in
headers (see https://godoc.org/net/textproto#Reader.ReadMIMEHeader).
Given this fact, the whitespace test can be simplified to b == ' ' || b
== '\t'.  There's no need for the isSpaceOctet bit field in octetTypes.

The isTokenOctet bit field is the only bit field remaining after the
removal of isSpaceOctet.  Simplify the code by replacing the
isTokenOctet bit test in octetTypes with an array of booleans called
isTokenOctet.

Declare isTokenOctet as a composite literal instead of constructing it
at runtime.

Add documentation to core functions for parsing HTTP headers.
2018-10-06 11:35:33 -04:00
Steven Scott 3130e8d3f1 Return write buffer to pool on write error (#427)
Fix bug where connection did not return the write buffer to the pool
after a write error. Add test for the same.

Rename messsageWriter.fatal method to endMessage and consolidate all
message cleanup code there. This ensures that the buffer is returned to
pool on all code paths.

Rename Conn.prepMessage to beginMessage for symmetry with endMessage.
Move some duplicated code at calls to prepMessage to beginMessage.

Bonus improvement: Adjust message and buffer size in TestWriteBufferPool
to test that pool works with fragmented messages.
2018-09-24 16:26:12 -07:00
Steven Scott cdd40f587d Add comprehensive host test (#429)
Add table driven test for handling of host in request URL, request
header and TLS server name. In addition to testing various uses of host
names, this test also confirms that host names are handled the same as
the net/http client.

The new table driven test replaces TestDialTLS, TestDialTLSNoverify,
TestDialTLSBadCert and TestHostHeader.

Eliminate duplicated code for constructing root CA.
2018-09-24 16:10:46 -07:00
Mathias Fredriksson 66b9c49e59 Move context to first parameter in DialContext
Follows best practice and pkg/context documentation:

> The Context should be the first parameter, typically named ctx
2018-08-25 08:15:06 -07:00
Steven Scott a9dd6e8839 miscellaneous cleanup
- Add Go 1.11 to Travis config
- Use short variable declarations where possible.
- Remove unnecessary build tags after move to Go 1.7 min version.
- Simplify composite literals.
- Remove unused fields (err in PerparedMessage)
- Fix errors reported by golint and goword.
2018-08-24 14:03:26 -07:00
SALLEYRON Julien ceae45234a Add context in the Dialer 2018-08-24 13:45:12 -07:00
Steven Scott b378caee5b Add write buffer pooling
Add WriteBufferPool to Dialer and Upgrader. This field specifies a pool
to use for write operations on a connection.  Use of the pool can reduce
memory use when there is a modest write volume over a large number of
connections.

Use larger of hijacked buffer and buffer allocated for connection (if
any) as buffer for building handshake response. This decreases possible
allocations when building the handshake response.

Modify bufio reuse test to call Upgrade instead of the internal
newConnBRW. Move the test from conn_test.go to server_test.go because
it's a serer test.

Update newConn and newConnBRW:

- Move the bufio "hacks" from newConnBRW to separate functions and call
these functions directly from Upgrade.
- Rename newConn to newTestConn and move to conn_test.go. Shorten
argument list to common use case.
- Rename newConnBRW to newConn.
- Add pool code to newConn.
2018-08-22 14:11:59 -07:00
Adam Shannon 5fb94172f4 drop Go versions prior to 1.7 in CI
* drop Go versions prior to 1.7 in CI

* consolidate conn*.go files after dropping old Go support
2018-08-22 14:10:37 -07:00
stevenscott89 3ff3320c2a Improve server subprotocol documentation
Partial fix for 404.
2018-08-16 15:18:03 -07:00
Matt Silverlock 5ed622c449 Update LICENSE file to reflect Google employee contributions. 2018-06-05 13:25:52 -07:00
Kamil Kisiel c17c80cb48
Merge pull request #385 from dottyjones/master
Add test for handshake deadline
2018-05-28 18:35:52 -07:00
dottyjones badcf87185
Improve names in handshake deadline test 2018-05-28 12:07:56 -07:00
dottyjones f90b62c3ce
Add test for handshake deadline 2018-05-28 07:28:04 -07:00
Gary Burd 21ab95fa12
Modify headers to match case used in RFC examples
Change the subprotocol and extension header names to match the case used
in RFC examples. Other headers names already match the case used in the
examples.

Although the headers names in the handshake are case insensitive, some
libraries expect the exact case used in the RFC examples. This change
allows the package to interoperate with those broken libraries.
2018-04-20 10:16:12 -07:00
Petr cd94665a65 Minor fixes in comments
* Fix typo

"netowrk" is a misspelling of "network"

* Fix export comment

Comment on exported type Hub should be of the form "Hub ..." (golint)
2018-04-15 20:20:28 -07:00
Gary Burd eb92580837
Use net.Buffers to write multiple slices to connection
Closes #346.
2018-03-06 10:15:48 -08:00
Gary Burd 4835f71f2a Improve client default timeout code
- Remove duplicate code.
- Don't update deprecated functions.
2018-03-06 09:50:53 -08:00
Pablo Carranza 8c40c0b5bd Bump default handshake timetout to 45 seconds 2018-03-06 09:50:53 -08:00
Pablo Carranza 196b8d0585 Add a default handshake timeout of 5 seconds 2018-03-06 09:50:53 -08:00
Julien Salleyron e426f23f06 Sec-WebSocket-Protocol is capitalize instead of canonical 2018-03-06 09:05:33 -08:00
Carter Jones 6656ddce91 add newline and remove extra space 2018-03-04 15:22:45 -08:00
unknown 0647012449 Modify http status code to variable 2018-02-28 13:09:02 -08:00
Gary Burd f37d158860 Travis config: add Go 1.10.x, revert 1.4.x to 1.4
1.4.x is missing go vet
2018-02-18 23:13:02 -08:00
Alexey Palazhchenko 2967b101a5 Use latest patch releases of Go 2018-02-18 23:13:02 -08:00
claudia-jones 8fbc40be62 Simplify echo example client (#349)
Use existing `done` channel to signal that reader is done instead of closing the connection.
2018-02-18 16:00:50 -08:00
Gary Burd 4ac909741d
Improve control message handler doc
Fixes #338
2018-01-31 17:52:56 -08:00
Gary Burd 91f589db02
Improve check origin documentation
Remove the example code to disable origin checks from the documentation.
I am concerned that developers are copying the code without
understanding the security implications of the code. Most applications
should not use this code.

Change the bad origin error message to mention Upgrader.CheckOrigin

Mention cross-site request forgery in the Upgrader.CheckOrigin doc.
2018-01-25 10:51:21 -08:00
Gary Burd 292fd08b25
Replace "frame" with "message" in documentation
The documentation sometimes used the term "frame" when referring to
single frame control messages.  Use the term "message" for consistency
in the documentation and to hide a detail that most application
programmers do not need to know about.
2018-01-10 06:15:25 -08:00
Gary Burd 58729a2165
Don't log 1006 error in chat example
This error is expected (Safari closes connections without sending a close
frame).

Fixes #323
2018-01-09 12:15:58 -08:00
Gary Burd d965e9adc6
Handle no status in FormatCloseMessage
Return empty message for CloseNoStatusReceived. This status indicates
that the message is empty, so make it so. Because it's illegal to send
CloseNoStatusReceived, this change should not break a correct
application.
2017-12-28 07:29:59 -08:00
Jordan Pittier cdedf21e58 examples/chat/client.go: avoid allocating []byte{} for PingMessage (#312)
It's useless and only gives more work to the GC.
2017-12-09 19:53:53 -08:00
Gary Burd c55883f973
Add parseExtensions test case (#310) 2017-12-05 11:45:40 -08:00
Gary Burd b89020ee79
Add SOCKS5 support
- Bundle the golang.org/x/net/proxy package to x_net_proxy.go. The
package contains a SOCKS5 proxy. The package is bundled to avoid adding
a dependency from the weboscket package to golang.org/x/net.
- Restructure the existing HTTP proxy code so the code can be used as a
dialer with the proxy package.
- Modify Dialer.Dial to use proxy.FromURL.
- Improve tests (avoid modifying package-level data, use timeouts in
tests, use correct proxy URLs in tests).

Fixes #297.
2017-11-30 17:43:01 -08:00
Gary Burd 8c6cfd493d
Improve bad handshake error text
Change the error text for bad handshake errors from

    websocket: not a websocket handshake:

to:

    websocket: the client is not using the websocket protocol:

The new text should be more helpful to developers who do not know or
understand the details of the protocol.

Test for bad handshake before other request errors.
2017-11-30 16:45:44 -08:00
fising 2b58522131 update README.md 2017-11-29 07:20:15 -08:00
David Dollar b648f206c2 Use ASCII case folding in same origin test 2017-11-27 16:10:45 -08:00
Gary Burd 23059f2957 Update with gofmt on tip
The changes are compatible with older versions of gofmt.
2017-11-23 00:11:29 -08:00