<p>Joshua Colp <strong>submitted</strong> this change.</p><p><a href="https://gerrit.asterisk.org/c/asterisk/+/14585">View Change</a></p><div style="white-space:pre-wrap">Approvals:
Joshua Colp: Looks good to me, but someone else must approve; Approved for Submit
Kevin Harwell: Looks good to me, but someone else must approve
George Joseph: Looks good to me, approved
</div><pre style="font-family: monospace,monospace; white-space: pre-wrap;">res_http_websocket: Add payload masking to the websocket client<br><br>ASTERISK-28949<br><br>Change-Id: Id465030f2b1997b83d408933fdbabe01827469ca<br>---<br>M res/res_http_websocket.c<br>1 file changed, 39 insertions(+), 4 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/res/res_http_websocket.c b/res/res_http_websocket.c</span><br><span>index e8301df..9e9f4f1 100644</span><br><span>--- a/res/res_http_websocket.c</span><br><span>+++ b/res/res_http_websocket.c</span><br><span>@@ -290,28 +290,56 @@</span><br><span> return 0;</span><br><span> }</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+/*! \brief Perform payload masking for client sessions */</span><br><span style="color: hsl(120, 100%, 40%);">+static void websocket_mask_payload(struct ast_websocket *session, char *frame, char *payload, uint64_t payload_size)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ /* RFC 6455 5.1 - clients MUST mask frame data */</span><br><span style="color: hsl(120, 100%, 40%);">+ if (session->client) {</span><br><span style="color: hsl(120, 100%, 40%);">+ uint64_t i;</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t mask_key_idx;</span><br><span style="color: hsl(120, 100%, 40%);">+ uint32_t mask_key = ast_random();</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t length = frame[1] & 0x7f;</span><br><span style="color: hsl(120, 100%, 40%);">+ frame[1] |= 0x80; /* set mask bit to 1 */</span><br><span style="color: hsl(120, 100%, 40%);">+ /* The mask key octet position depends on the length */</span><br><span style="color: hsl(120, 100%, 40%);">+ mask_key_idx = length == 126 ? 4 : length == 127 ? 10 : 2;</span><br><span style="color: hsl(120, 100%, 40%);">+ put_unaligned_uint32(&frame[mask_key_idx], mask_key);</span><br><span style="color: hsl(120, 100%, 40%);">+ for (i = 0; i < payload_size; i++) {</span><br><span style="color: hsl(120, 100%, 40%);">+ payload[i] ^= ((char *)&mask_key)[i % 4];</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> /*! \brief Close function for websocket session */</span><br><span> int AST_OPTIONAL_API_NAME(ast_websocket_close)(struct ast_websocket *session, uint16_t reason)</span><br><span> {</span><br><span> enum ast_websocket_opcode opcode = AST_WEBSOCKET_OPCODE_CLOSE;</span><br><span style="color: hsl(0, 100%, 40%);">- char frame[4] = { 0, }; /* The header is 2 bytes and the reason code takes up another 2 bytes */</span><br><span style="color: hsl(0, 100%, 40%);">- int res;</span><br><span style="color: hsl(120, 100%, 40%);">+ /* The header is either 2 or 6 bytes and the</span><br><span style="color: hsl(120, 100%, 40%);">+ * reason code takes up another 2 bytes */</span><br><span style="color: hsl(120, 100%, 40%);">+ char frame[8] = { 0, };</span><br><span style="color: hsl(120, 100%, 40%);">+ int header_size, fsize, res;</span><br><span> </span><br><span> if (session->close_sent) {</span><br><span> return 0;</span><br><span> }</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+ /* clients need space for an additional 4 byte masking key */</span><br><span style="color: hsl(120, 100%, 40%);">+ header_size = session->client ? 6 : 2;</span><br><span style="color: hsl(120, 100%, 40%);">+ fsize = header_size + 2;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> frame[0] = opcode | 0x80;</span><br><span> frame[1] = 2; /* The reason code is always 2 bytes */</span><br><span> </span><br><span> /* If no reason has been specified assume 1000 which is normal closure */</span><br><span style="color: hsl(0, 100%, 40%);">- put_unaligned_uint16(&frame[2], htons(reason ? reason : 1000));</span><br><span style="color: hsl(120, 100%, 40%);">+ put_unaligned_uint16(&frame[header_size], htons(reason ? reason : 1000));</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ websocket_mask_payload(session, frame, &frame[header_size], 2);</span><br><span> </span><br><span> session->closing = 1;</span><br><span> session->close_sent = 1;</span><br><span> </span><br><span> ao2_lock(session);</span><br><span style="color: hsl(0, 100%, 40%);">- res = ast_careful_fwrite(session->f, session->fd, frame, 4, session->timeout);</span><br><span style="color: hsl(120, 100%, 40%);">+ res = ast_careful_fwrite(session->f, session->fd, frame, fsize, session->timeout);</span><br><span> </span><br><span> /* If an error occurred when trying to close this connection explicitly terminate it now.</span><br><span> * Doing so will cause the thread polling on it to wake up and terminate.</span><br><span>@@ -369,6 +397,11 @@</span><br><span> header_size += 8;</span><br><span> }</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+ if (session->client) {</span><br><span style="color: hsl(120, 100%, 40%);">+ /* Additional 4 bytes for the client masking key */</span><br><span style="color: hsl(120, 100%, 40%);">+ header_size += 4;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> frame_size = header_size + payload_size;</span><br><span> </span><br><span> frame = ast_alloca(frame_size + 1);</span><br><span>@@ -386,6 +419,8 @@</span><br><span> </span><br><span> memcpy(&frame[header_size], payload, payload_size);</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+ websocket_mask_payload(session, frame, &frame[header_size], payload_size);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> ao2_lock(session);</span><br><span> if (session->closing) {</span><br><span> ao2_unlock(session);</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/c/asterisk/+/14585">change 14585</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/c/asterisk/+/14585"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: 13 </div>
<div style="display:none"> Gerrit-Change-Id: Id465030f2b1997b83d408933fdbabe01827469ca </div>
<div style="display:none"> Gerrit-Change-Number: 14585 </div>
<div style="display:none"> Gerrit-PatchSet: 3 </div>
<div style="display:none"> Gerrit-Owner: Moises Silva <moises.silva@gmail.com> </div>
<div style="display:none"> Gerrit-Reviewer: Friendly Automation </div>
<div style="display:none"> Gerrit-Reviewer: George Joseph <gjoseph@digium.com> </div>
<div style="display:none"> Gerrit-Reviewer: Joshua Colp <jcolp@sangoma.com> </div>
<div style="display:none"> Gerrit-Reviewer: Kevin Harwell <kharwell@digium.com> </div>
<div style="display:none"> Gerrit-MessageType: merged </div>