26 Commits

Author SHA1 Message Date
Matt Silverlock e365eeef09 test: fix unintended test comment in TestFraming 2019-08-24 22:20:45 -07:00
Matt Silverlock 5b740c2926
Read Limit Fix (#537)
This fix addresses a potential denial-of-service (DoS) vector that can cause an integer overflow in the presence of malicious WebSocket frames.

The fix adds additional checks against the remaining bytes on a connection, as well as a test to prevent regression.

Credit to Max Justicz (https://justi.cz/) for discovering and reporting this, as well as providing a robust PoC and review.

* build: go.mod to go1.12
* bugfix: fix DoS vector caused by readLimit bypass
* test: update TestReadLimit sub-test
* bugfix: payload length 127 should read bytes as uint64
* bugfix: defend against readLength overflows
2019-08-24 18:17:28 -07:00
Matt Silverlock ae1634f6a9
Create CircleCI config.yml (#519)
* Create config.yml
* Delete .travis.yml
* Added CircleCI badge to README
* Add golint; run on latest only
2019-06-29 11:55:28 -07:00
Steven Scott 3130e8d3f1 Return write buffer to pool on write error (#427)
Fix bug where connection did not return the write buffer to the pool
after a write error. Add test for the same.

Rename messageWriter.fatal method to endMessage and consolidate all
message cleanup code there. This ensures that the buffer is returned to
pool on all code paths.

Rename Conn.prepMessage to beginMessage for symmetry with endMessage.
Move some duplicated code at calls to prepMessage to beginMessage.

Bonus improvement: Adjust message and buffer size in TestWriteBufferPool
to test that pool works with fragmented messages.
2018-09-24 16:26:12 -07:00
Steven Scott b378caee5b Add write buffer pooling
Add WriteBufferPool to Dialer and Upgrader. This field specifies a pool
to use for write operations on a connection.  Use of the pool can reduce
memory use when there is a modest write volume over a large number of
connections.

Use larger of hijacked buffer and buffer allocated for connection (if
any) as buffer for building handshake response. This decreases possible
allocations when building the handshake response.

Modify bufio reuse test to call Upgrade instead of the internal
newConnBRW. Move the test from conn_test.go to server_test.go because
it's a server test.

Update newConn and newConnBRW:

- Move the bufio "hacks" from newConnBRW to separate functions and call
these functions directly from Upgrade.
- Rename newConn to newTestConn and move to conn_test.go. Shorten
argument list to common use case.
- Rename newConnBRW to newConn.
- Add pool code to newConn.
2018-08-22 14:11:59 -07:00
Gary Burd 23059f2957 Update with gofmt on tip
The changes are compatible with older versions of gofmt.
2017-11-23 00:11:29 -08:00
Gary Burd 3da6ca0cb6 Simplify and fix spelling errors in test files
Simplify using gofmt -s.
2017-11-02 08:08:30 -07:00
Gary Burd b258b4fadb Use bufio.Writer returned from hijack in upgrade
Reuse the buffer backing the bufio.Writer returned from hijack if that
buffer is large enough to be generally useful and
Upgrader.WriteBufferSize == 0.

Update the logic for reusing bufio.Reader returned from hijack to match
the logic for bufio.Reader:  The buffer backing the reader must be
sufficiently large to be generally useful and Upgrader.ReadBufferSize ==
0.

Improve the documentation for ReadBufferSize and WriteBufferSize in
Dialer and Upgrader.
2017-03-02 14:46:13 -08:00
Gary Burd 286b5c9371 Use bufio.Reader returned from hijack in upgrade
Use the bufio.Reader returned from hijack if the reader's buffer size is
equal to the buffer size specified in Upgrader.ReadBufferSize.
2017-03-01 09:36:54 -08:00
Gary Burd 80a0029a65 Improve write error handling
- Do not fail NextWriter when close of previous writer fails.
- Replace closeSent field with mutex protected writeErr. Set writeErr on
  any error writing to underlying network connection. Check and return
  writeErr before attempting to write to network connection. Check
  writeErr in NextWriter so application can detect failed connection
  before attempting to write.
- Do not close underlying network connection on error.
- Move message writing state and method flushFrame from Conn to
  messageWriter. This makes error code paths (and the code in general)
  easier to understand.
- Add messageWriter field err to latch errors in messageWriter.

Bonus: Improve test coverage.
2016-11-02 09:59:14 -07:00
Gary Burd a0ef436d00 compression: add tests, rename option 2016-10-17 17:30:22 -07:00
Gary Burd a724ba4528 Test truncated frames at all positions 2016-04-25 08:42:53 -07:00
Tarmigan Casebolt ae46df13e9 Fix Read() to return errUnexpectedEOF when EOF is received before all bytes in the frame have been read 2016-04-24 22:30:05 -07:00
Gary Burd 0e2713e645 Address common gotchas with package
Update documentation to explicitly state that applications must break out of a
read loop on error.

Detect application read loops spinning on a failed connection and panic.

Detect concurrent writes and panic. The detection is best-effort.

Update documentation to state that connections respond to close frames.
2016-02-16 15:03:54 -08:00
Gary Burd 615f23bc98 Add IsUnexpectedCloseError 2016-01-19 13:06:29 -08:00
Gary Burd a2d85bcbfc Add IsCloseError, improve doc about errors 2016-01-19 09:20:21 -08:00
Gary Burd c66b764651 Add test for bufio.ReadBytes on connection reader
Test for issue #85.
2015-10-08 22:47:23 -07:00
Gary Burd b6ab76f1fe Provide all close frame data to application
- Export closeError.
- Do not convert normal closure and going away to io.EOF.
2015-08-11 10:14:32 -07:00
Gary Burd 47f93dfaed Improve errors.
- Use new closeError type for reporting close frames to the application.
- Use closeError with code 1006 when the peer closes connection without
  sending a close frame. The error io.ErrUnexpectedEOF was used
  previously. This change helps developers distinguish abnormal closure
  and an unexpected EOF in the JSON parser.
2014-10-31 14:52:20 -07:00
Gary Burd 10afcadf69 Cleanup EOF handling.
- Modify data message reader to return io.ErrUnexpectedEOF if a close
  message is received before the final frame of the message.
- Modify NextReader to return io.ErrUnexpectedEOF if underlying
  connection returns io.EOF before a close message.
2014-07-10 19:36:51 -07:00
Gary Burd 0e7b5f878f Do not mask bytes when reading on the client.
- The bytes were masked with zero, a nop.
- Add test for control messages.
2014-07-05 13:56:34 -07:00
Gary Burd f867cb5c72 Cleanup issues reported by golint. 2014-04-20 07:20:03 -07:00
Gary Burd 15aed3b4a4 Relicense to the Gorilla WebSocket Authors. 2014-04-18 14:25:11 -07:00
Simon Eisenmann ccad3db007 Added helper function UnderlyingConn to retrieve net.Conn from Conn objects. 2014-03-18 15:26:10 +01:00
Gary Burd 67d178946a Implement net.Error on timeout errors.
Fixes #10.
2013-12-23 12:01:25 -08:00
Gary Burd 273ecadfca Initial commit 2013-10-16 16:30:59 -07:00