yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1278342] Re: novncproxy accepts un-masked client websocket frames

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1278342@xxxxxxxxxxxxxxxxxx>
Date: Thu, 02 Apr 2015 04:17:18 -0000
Reply-to: Bug 1278342 <1278342@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

[Expired for OpenStack Compute (nova) because there has been no activity
for 60 days.]

** Changed in: nova
       Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1278342

Title:
  novncproxy accepts un-masked client websocket frames

Status in OpenStack Compute (Nova):
  Expired

Bug description:
  using Havana nova with python-websockify-0.5.1
  I found that the server is not picky enough.
  It accepts WebSocket frames with the masked-bit unset
  though the relevant standard 
  https://tools.ietf.org/html/rfc6455#section-5.1
  says
  The server MUST close the connection upon receiving a frame that is not masked.

  
  For testing this behaviour, you can use my code without this fix
  https://github.com/bmwiedemann/connectionproxy/commit/1ece2024090cfbacc003f66c036c2fe550fd488a

  it is used like this:

  git clone https://github.com/bmwiedemann/connectionproxy.git
  $INSTALL perl-Protocol-WebSocket
  nova get-vnc-console $YOURINSTANCE novnc
  perl wsconnectionproxy.pl --port 5942 --to http://cloud.example.com:6080/vnc_auto.html?token=xxx
  gvncviewer localhost:42

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1278342/+subscriptions

References

[Bug 1278342] [NEW] novncproxy accepts un-masked client websocket frames
From: Bernhard M. Wiedemann, 2014-02-10