[asterisk-bugs] [JIRA] (ASTERISK-28257) res_http_websocket: PING / PONG opcodes break data reception

Jeremy Lainé (JIRA) noreply at issues.asterisk.org
Wed Jan 23 04:38:47 CST 2019 

     [ https://issues.asterisk.org/jira/browse/ASTERISK-28257?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jeremy Lainé updated ASTERISK-28257:
------------------------------------

    Attachment: mix-ping-and-fragmented-data.py

The `mix-ping-and-fragmented-data.py` script talks to Asterisk's echo websocket handler. It sends a fragmented message consisting of 10 fragments of 1000 bytes. In the middle of the fragmented message it sends a PING opcode to trigger the bug. This script requires the very latest `websockets` code:

pip install -e 'git+https://github.com/aaugustin/websockets.git#egg=websockets'


> res_http_websocket: PING / PONG opcodes break data reception
> ------------------------------------------------------------
>
>                 Key: ASTERISK-28257
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28257
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_http_websocket
>    Affects Versions: 16.1.1
>            Reporter: Jeremy Lainé
>         Attachments: mix-ping-and-fragmented-data.py
>
>
> Currently, PING / PONG opcodes are handled together with data reception. At a high level the logic looks like:
> - retrieve frame header
> - retrieve frame payload and apply unmasking
> - (reply to PING and stop here ONLY if replying fails)
> - (handle CLOSE opcode and stop here)
> - put payload into a re-assembly buffer and return it to the caller
> When data and PING / PONG opcodes and data are received consecutively, Asterisk behaves properly. However RFC 6455 specifies that control opcodes (PING / PONG / CLOSE) can be received in the middle of a fragmented message. In this case, Asterisk's logic breaks down, resulting in a truncated message being received.
> My suggestion to fix this is to align the behavior with the new CLOSE handling code and return immediately, without exposing the payload to the caller.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list