Skip to content

Commit

Permalink
[fix] Make WebSocket#{p{i,o}ng,close}() check the data size
Browse files Browse the repository at this point in the history 
Throw an error if the data size is too large to fit in a control frame.
  • Loading branch information
@lpinca
lpinca committed Mar 9, 2020
1 parent af4f722 commit e54f08d
Show file tree
Hide file tree
Showing 2 changed files with 60 additions and 1 deletion.
16 changes: 15 additions & 1 deletion lib/sender.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -110,7 +110,13 @@ class Sender {
buf = Buffer.allocUnsafe(2);
buf.writeUInt16BE(code, 0);
} else {
buf = Buffer.allocUnsafe(2 + Buffer.byteLength(data));
const length = Buffer.byteLength(data);

if (length > 123) {
throw new RangeError('The message must not be greater than 123 bytes');
}

buf = Buffer.allocUnsafe(2 + length);
buf.writeUInt16BE(code, 0);
buf.write(data, 2);
}
Expand Down Expand Up @@ -154,6 +160,10 @@ class Sender {
ping(data, mask, cb) {
const buf = toBuffer(data);

if (buf.length > 125) {
throw new RangeError('The data size must not be greater than 125 bytes');
}

if (this._deflating) {
this.enqueue([this.doPing, buf, mask, toBuffer.readOnly, cb]);
} else {
Expand Down Expand Up @@ -194,6 +204,10 @@ class Sender {
pong(data, mask, cb) {
const buf = toBuffer(data);

if (buf.length > 125) {
throw new RangeError('The data size must not be greater than 125 bytes');
}

if (this._deflating) {
this.enqueue([this.doPong, buf, mask, toBuffer.readOnly, cb]);
} else {
Expand Down
45 changes: 45 additions & 0 deletions test/websocket.test.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -878,6 +878,21 @@ describe('WebSocket', () => {
});
});
});

it('throws an error if the data size is greater than 125 bytes', (done) => {
const wss = new WebSocket.Server({ port: 0 }, () => {
const ws = new WebSocket(`ws://localhost:${wss.address().port}`);

ws.on('open', () => {
assert.throws(
() => ws.ping(Buffer.alloc(126)),
/^RangeError: The data size must not be greater than 125 bytes$/
);

wss.close(done);
});
});
});
});

describe('#pong', () => {
Expand Down Expand Up @@ -1019,6 +1034,21 @@ describe('WebSocket', () => {
});
});
});

it('throws an error if the data size is greater than 125 bytes', (done) => {
const wss = new WebSocket.Server({ port: 0 }, () => {
const ws = new WebSocket(`ws://localhost:${wss.address().port}`);

ws.on('open', () => {
assert.throws(
() => ws.pong(Buffer.alloc(126)),
/^RangeError: The data size must not be greater than 125 bytes$/
);

wss.close(done);
});
});
});
});

describe('#send', () => {
Expand Down Expand Up @@ -1429,6 +1459,21 @@ describe('WebSocket', () => {
});
});

it('throws an error if the message is greater than 123 bytes', (done) => {
const wss = new WebSocket.Server({ port: 0 }, () => {
const ws = new WebSocket(`ws://localhost:${wss.address().port}`);

ws.on('open', () => {
assert.throws(
() => ws.close(1000, 'a'.repeat(124)),
/^RangeError: The message must not be greater than 123 bytes$/
);

wss.close(done);
});
});
});

it('sends the close status code only when necessary', (done) => {
let sent;
const wss = new WebSocket.Server({ port: 0 }, () => {
Expand Down

0 comments on commit e54f08d

Please sign in to comment.