From d080ab3585bd3c1a55c5d04568c2ca27e0976e11 Mon Sep 17 00:00:00 2001 From: Andy Green Date: Wed, 10 Nov 2021 16:26:18 +0000 Subject: [PATCH] ws: client: fail server link if masked --- lib/roles/ws/client-parser-ws.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/lib/roles/ws/client-parser-ws.c b/lib/roles/ws/client-parser-ws.c index 09e681f92..f569532ec 100644 --- a/lib/roles/ws/client-parser-ws.c +++ b/lib/roles/ws/client-parser-ws.c @@ -177,6 +177,8 @@ int lws_ws_client_rx_sm(struct lws *wsi, unsigned char c) case LWS_RXPS_04_FRAME_HDR_LEN: wsi->ws->this_frame_masked = !!(c & 0x80); + if (wsi->ws->this_frame_masked) + goto server_cannot_mask; switch (c & 0x7f) { case 126: @@ -674,6 +676,16 @@ already_done: illegal_ctl_length: lwsl_wsi_warn(wsi, "Control frame asking for extended length is illegal"); + /* kill the connection */ + return -1; + +server_cannot_mask: + lws_close_reason(wsi, + LWS_CLOSE_STATUS_PROTOCOL_ERR, + (uint8_t *)"srv mask", 8); + + lwsl_wsi_warn(wsi, "Server must not mask"); + /* kill the connection */ return -1; }