Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

WebSocket / RFC-6455: Section 5.1 frame masking validation

This commit is contained in:
Joakim Erdfelt 2013-12-09 11:37:14 -07:00
parent 8243bd60b7
commit db777310b5
1 changed files with 18 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
jetty-websocket/websocket-common/src/main/java/org/eclipse/jetty/websocket/common/Parser.java
View File

@ -191,11 +191,26 @@ public class Parser
if (policy.getBehavior() == WebSocketBehavior.SERVER) if (policy.getBehavior() == WebSocketBehavior.SERVER)
{ {
// Parsing on server? /* Parsing on server.
// Then you MUST make sure all incoming frames are masked! *
* Then you MUST make sure all incoming frames are masked!
*
* Technically, this test is in violation of RFC-6455, Section 5.1
* http://tools.ietf.org/html/rfc6455#section-5.1
*
* But we can't trust the client at this point, so Jetty opts to close
* the connection as a Protocol error.
*/
if (f.isMasked() == false) if (f.isMasked() == false)
{ {
throw new ProtocolException("Client frames MUST be masked (RFC-6455)"); throw new ProtocolException("Client MUST mask all frames (RFC-6455: Section 5.1)");
}
} else if(policy.getBehavior() == WebSocketBehavior.CLIENT)
{
// Required by RFC-6455 / Section 5.1
if (f.isMasked() == true)
{
throw new ProtocolException("Server MUST NOT mask any frames (RFC-6455: Section 5.1)");
} }
} }