
yahoo-eng-team team mailing list archive

[Bug 1278342] [NEW] novncproxy accepts un-masked client websocket frames

 

Public bug reported:

Using Havana nova with python-websockify-0.5.1,
I found that the server is not picky enough.
It accepts WebSocket frames with the masked-bit unset,
though the relevant standard
https://tools.ietf.org/html/rfc6455#section-5.1
says:
"The server MUST close the connection upon receiving a frame that is not masked."


For testing this behaviour, you can use my code without this fix:
https://github.com/bmwiedemann/connectionproxy/commit/1ece2024090cfbacc003f66c036c2fe550fd488a

It is used like this:

    git clone https://github.com/bmwiedemann/connectionproxy.git
    $INSTALL perl-Protocol-WebSocket
    nova get-vnc-console $YOURINSTANCE novnc
    perl wsconnectionproxy.pl --port 5942 --to http://cloud.example.com:6080/vnc_auto.html?token=xxx
    gvncviewer localhost:42

** Affects: nova
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1278342

Title:
  novncproxy accepts un-masked client websocket frames

Status in OpenStack Compute (Nova):
  New


To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1278342/+subscriptions
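
Added example (not part of the original bug report, and not websockify's or nova's code): a minimal server-side frame parser that enforces the RFC 6455 section 5.1 rule quoted above by rejecting a client frame as soon as its header shows MASK=0. The names parse_client_frame, build_frame and UnmaskedFrame are hypothetical, and the sample frames are constructed in the code.

```python
import os
import struct

CLOSE_PROTOCOL_ERROR = 1002  # RFC 6455 section 7.4.1


class UnmaskedFrame(Exception):
    """Client-to-server frame arrived with the MASK bit clear."""


def build_frame(payload, opcode=0x2, masked=True):
    """Constructed sample input: one final (FIN=1) frame."""
    mask_bit = 0x80 if masked else 0x00
    n = len(payload)
    if n < 126:
        head = bytes([0x80 | opcode, mask_bit | n])
    elif n < 1 << 16:
        head = bytes([0x80 | opcode, mask_bit | 126]) + struct.pack(">H", n)
    else:
        head = bytes([0x80 | opcode, mask_bit | 127]) + struct.pack(">Q", n)
    if not masked:
        return head + payload
    key = os.urandom(4)
    return head + key + bytes(b ^ key[i % 4] for i, b in enumerate(payload))


def parse_client_frame(buf):
    """Return (opcode, payload, consumed), or None if buf is incomplete.
    Raises UnmaskedFrame as soon as the header shows MASK=0."""
    if len(buf) < 2:
        return None
    if not buf[1] & 0x80:
        # RFC 6455 section 5.1: the caller must close the connection
        raise UnmaskedFrame(CLOSE_PROTOCOL_ERROR)
    opcode, length, pos = buf[0] & 0x0F, buf[1] & 0x7F, 2
    if length >= 126:
        width = 2 if length == 126 else 8  # extended payload length field
        if len(buf) < pos + width:
            return None
        length = int.from_bytes(buf[pos:pos + width], "big")
        pos += width
    end = pos + 4 + length  # 4-byte masking key precedes the payload
    if len(buf) < end:
        return None
    key = buf[pos:pos + 4]
    payload = bytes(b ^ key[i % 4] for i, b in enumerate(buf[pos + 4:end]))
    return opcode, payload, end
```

A proxy using a check like this would catch UnmaskedFrame in its receive loop, optionally send a Close frame carrying the status code from the exception, and drop the TCP connection without forwarding any payload.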

