[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.1.90-6072-g9a69373

Gustavo Noronha Silva gns at gnome.org
Thu Apr 8 02:24:24 UTC 2010


The following commit has been merged in the webkit-1.2 branch:
commit 0b1c73e74ef63c3ad38f0a8882941ddbe8fcad19
Author: ukai at chromium.org <ukai at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Tue Mar 23 06:08:33 2010 +0000

    2010-03-19  Abhishek Arya  <inferno at chromium.org>
    
            Reviewed by Adam Barth.
    
            https://bugs.webkit.org/show_bug.cgi?id=36339
            This LayoutTest tests for webkit ability to process long invalid headers generated by misbehaving websockets servers.
    
            * websocket/tests/long-invalid-header-expected.txt: Added.
            * websocket/tests/long-invalid-header.html: Added.
            * websocket/tests/long-invalid-header_wsh.py: Added.
            * websocket/tests/script-tests/long-invalid-header.js: Added.
    2010-03-19  Abhishek Arya  <inferno at chromium.org>
    
            Reviewed by Adam Barth.
    
            https://bugs.webkit.org/show_bug.cgi?id=36339
            Off-by-one memory corruption fix for long invalid websockets upgrade header
    
            Test: websocket/tests/long-invalid-header.html
    
            * websockets/WebSocketHandshake.cpp:
            (WebCore::WebSocketHandshake::readServerHandshake):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@56380 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index ff77a2a..fe187a6 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,15 @@
+2010-03-19  Abhishek Arya  <inferno at chromium.org>
+
+        Reviewed by Adam Barth.
+
+        https://bugs.webkit.org/show_bug.cgi?id=36339
+        This LayoutTest tests for webkit ability to process long invalid headers generated by misbehaving websockets servers.
+
+        * websocket/tests/long-invalid-header-expected.txt: Added.
+        * websocket/tests/long-invalid-header.html: Added.
+        * websocket/tests/long-invalid-header_wsh.py: Added.
+        * websocket/tests/script-tests/long-invalid-header.js: Added.
+
 2010-03-22  Justin Schuh  <jschuh at chromium.org>
 
         Reviewed by Dirk Schulze.
diff --git a/LayoutTests/websocket/tests/long-invalid-header-expected.txt b/LayoutTests/websocket/tests/long-invalid-header-expected.txt
new file mode 100644
index 0000000..78e3613
--- /dev/null
+++ b/LayoutTests/websocket/tests/long-invalid-header-expected.txt
@@ -0,0 +1,10 @@
+CONSOLE MESSAGE: line 0: Bad Upgrade header: pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
+Make sure WebSocket gives errors on long invalid upgrade header.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+WebSocket is closed
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
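Review bot: The expected console line in long-invalid-header-expected.txt reproduces the entire run of "p" characters the test server sends, so the baseline is tied to the exact wording and length of the "Bad Upgrade header:" message and will need regenerating if that message is ever shortened or reworded. It also shows the error path echoing a server-supplied header to the console at full length. Consider truncating the header in the console message, which would keep this baseline short as well.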
diff --git a/LayoutTests/websocket/tests/long-invalid-header.html b/LayoutTests/websocket/tests/long-invalid-header.html
new file mode 100644
index 0000000..d7d7e71
--- /dev/null
+++ b/LayoutTests/websocket/tests/long-invalid-header.html
@@ -0,0 +1,13 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<link rel="stylesheet" href="../../fast/js/resources/js-test-style.css">
+<script src="../../fast/js/resources/js-test-pre.js"></script>
+<script src="../../fast/js/resources/js-test-post-function.js"></script>
+</head>
+<body>
+<div id="description"></div>
+<div id="console"></div>
+<script src="script-tests/long-invalid-header.js"></script>
+</body>
+</html>
diff --git a/LayoutTests/websocket/tests/long-invalid-header_wsh.py b/LayoutTests/websocket/tests/long-invalid-header_wsh.py
new file mode 100644
index 0000000..b2a48d7
--- /dev/null
+++ b/LayoutTests/websocket/tests/long-invalid-header_wsh.py
@@ -0,0 +1,9 @@
+def web_socket_do_extra_handshake(request):
+  msg = "HTTP/1.1 101 Web Socket Protocol Handshake\r\n"
+  msg += ("p" * 1024) + "\r\n"
+  request.connection.write(msg)
+
+def web_socket_transfer_data(request):
+  msg = "HTTP/1.1 101 Web Socket Protocol Handshake\r\n"
+  msg += ("p" * 1024) + "\r\n"
+  request.connection.write(msg)
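Review bot: The length 1024 in long-invalid-header_wsh.py is unexplained, and it is the only length exercised. Since the fix concerns an off-by-one at the end of the received data, a comment saying why 1024 reaches the faulty path would help, and so would a second case at a neighbouring length. The bodies of web_socket_do_extra_handshake and web_socket_transfer_data are also identical; a shared helper that builds and writes the message would remove the duplication and make it clear whether the second write is intentional.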
diff --git a/LayoutTests/websocket/tests/script-tests/long-invalid-header.js b/LayoutTests/websocket/tests/script-tests/long-invalid-header.js
new file mode 100644
index 0000000..294e19e
--- /dev/null
+++ b/LayoutTests/websocket/tests/script-tests/long-invalid-header.js
@@ -0,0 +1,23 @@
+description("Make sure WebSocket gives errors on long invalid upgrade header.");
+if (window.layoutTestController)
+    layoutTestController.waitUntilDone();
+
+function finish() {
+    clearTimeout(timeoutID);
+
+    isSuccessfullyParsed();
+    if (window.layoutTestController)
+        layoutTestController.notifyDone();
+}
+
+var ws = new WebSocket("ws://127.0.0.1:8880/websocket/tests/long-invalid-header");
+ws.onopen = function () {
+    debug("WebSocket is open");
+};
+ws.onclose = function () {
+    debug("WebSocket is closed");
+    finish();
+};
+var timeoutID = setTimeout("finish()", 2000);
+
+var successfullyParsed = true;
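Review bot: finish() in long-invalid-header.js can run twice. If the 2000 ms timer fires before onclose, a later onclose calls finish() again, which repeats isSuccessfullyParsed() and layoutTestController.notifyDone(). A small "already finished" guard at the top of finish() would prevent that. The timer is also registered with the string form setTimeout("finish()", 2000); passing the function itself, setTimeout(finish, 2000), avoids evaluating a string.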
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 1bbc2c5..d0a867c 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,15 @@
+2010-03-19  Abhishek Arya  <inferno at chromium.org>
+
+        Reviewed by Adam Barth.
+
+        https://bugs.webkit.org/show_bug.cgi?id=36339
+        Off-by-one memory corruption fix for long invalid websockets upgrade header
+
+        Test: websocket/tests/long-invalid-header.html
+
+        * websockets/WebSocketHandshake.cpp:
+        (WebCore::WebSocketHandshake::readServerHandshake):
+
 2010-03-22  Justin Schuh  <jschuh at chromium.org>
 
         Reviewed by Dirk Schulze.
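Review bot: The WebCore/ChangeLog entry says "Off-by-one memory corruption fix" but does not say which bound was wrong. One more line stating that the end pointer in readServerHandshake was computed as header + len + 1, one byte past the received data, would let a reader of the log understand the defect without opening the diff.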
diff --git a/WebCore/websockets/WebSocketHandshake.cpp b/WebCore/websockets/WebSocketHandshake.cpp
index 5263ed4..a5f0672 100644
--- a/WebCore/websockets/WebSocketHandshake.cpp
+++ b/WebCore/websockets/WebSocketHandshake.cpp
@@ -258,7 +258,7 @@ int WebSocketHandshake::readServerHandshake(const char* header, size_t len)
         }
     }
     const char* p = header + sizeof(webSocketServerHandshakeHeader) - 1;
-    const char* end = header + len + 1;
+    const char* end = header + len;
 
     if (m_mode == Normal) {
         size_t headerSize = end - p;
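Review bot: With end now equal to header + len, headerSize = end - p in the Normal branch is only meaningful when len is at least sizeof(webSocketServerHandshakeHeader) - 1. headerSize is a size_t, so a shorter buffer would make the subtraction wrap to a very large value. The checks above this hunk are not visible here; please confirm that one of them guarantees the minimum length before p is computed, or add an explicit early return. A short comment noting that end is one past the last received byte (half-open range) would also help keep the + 1 from being reintroduced.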

-- 
WebKit Debian packaging


