Comments (4)
I changed the function:
    // Fragment of a method body: `crypto` and `headers` come from the enclosing scope.
    try {
      var k1 = this.request.headers['sec-websocket-key1'],
          k2 = this.request.headers['sec-websocket-key2'];
      if (k1 && k2) {
        var md5 = crypto.createHash('md5'),
            valid = true;
        [k1, k2].forEach(function(k) {
          if (!valid) return;
          var n = parseInt(k.replace(/[^\d]/g, ''), 10),
              spaces = k.replace(/[^ ]/g, '').length;
          if (spaces === 0 || n % spaces !== 0) {
            this.listener.options.log('Invalid WebSocket key: "' + k + '". Dropping connection');
            this.connection.destroy();
            valid = false;
            return;
          }
          n /= spaces;
          md5.update(String.fromCharCode(
            n >> 24 & 0xFF,
            n >> 16 & 0xFF,
            n >> 8 & 0xFF,
            n & 0xFF));
        }, this); // pass `this` so the callback can reach listener and connection
        // A `return false` inside forEach only leaves the callback, so bail out here.
        if (!valid) return false;
        md5.update(this.upgradeHead.toString('binary'));
        try {
          this.connection.write(headers.concat('', '').join('\r\n') + md5.digest('binary'), 'binary');
        } catch (e) {
          this._onClose();
        }
      }
      return true;
    } catch (e) {
      this._onClose();
    }
to prevent this
This also applies when accessing the websocket URL directly:
/Users/kmike/dev/node-try/Socket.IO-node/lib/socket.io/transports/websocket.js:25
this.connection.setTimeout(0);
^
TypeError: Object #<a ServerResponse> has no method 'setTimeout'
at [object Object]._onConnect (/Users/kmike/dev/node-try/Socket.IO-node/lib/socket.io/transports/websocket.js:25:18)
at [object Object].<anonymous> (/Users/kmike/dev/node-try/Socket.IO-node/lib/socket.io/client.js:17:7)
at new <anonymous> (/Users/kmike/dev/node-try/Socket.IO-node/lib/socket.io/transports/websocket.js:9:9)
at [object Object]._onConnection (/Users/kmike/dev/node-try/Socket.IO-node/lib/socket.io/listener.js:123:73)
at [object Object].check (/Users/kmike/dev/node-try/Socket.IO-node/lib/socket.io/listener.js:83:9)
at Server.<anonymous> (/Users/kmike/dev/node-try/Socket.IO-node/lib/socket.io/listener.js:39:12)
at Server.emit (events:33:26)
at HTTPParser.onIncoming (http:825:10)
at HTTPParser.onHeadersComplete (http:87:31)
at Stream.ondata (http:757:22)
I think it's quite a serious error because the entire server can be shut down just by visiting a publicly available URL.
I can replicate crashing node.js by accessing the websocket url.
Just type in the URL
http://localhost/socket.io/websocket
in a web browser to crash the node server.
I think that's pretty serious.
30 Aug 16:53:22 - WebSocket connection invalid
is what you get now
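The crash discussed in this thread comes from handshake code throwing on a request that is not a real WebSocket upgrade. The following is an added example, not code from socket.io or from any commenter: a keyed (draft-76 style) challenge computation that returns null for malformed input instead of throwing, so the caller can log and close the connection. The function names `parseKey` and `challengeResponse` are hypothetical, and the sample keys are the handshake example from the hixie-76 draft.

```javascript
// Added example: handshake validation that rejects instead of throwing.
const crypto = require('crypto');

// Parse one Sec-WebSocket-Key1/Key2 value; return the 32-bit number or null.
function parseKey(key) {
  if (typeof key !== 'string') return null;
  const digits = key.replace(/[^\d]/g, '');
  const spaces = key.replace(/[^ ]/g, '').length;
  if (digits === '' || spaces === 0) return null;
  const n = parseInt(digits, 10);
  if (n > 0xFFFFFFFF || n % spaces !== 0) return null;
  return n / spaces;
}

// Return the 16-byte handshake body, or null when the request is not a
// well-formed upgrade (for example a browser GET to the websocket URL).
function challengeResponse(headers, head) {
  const upgrade = String(headers['upgrade'] || '').toLowerCase();
  if (upgrade !== 'websocket') return null;
  const n1 = parseKey(headers['sec-websocket-key1']);
  const n2 = parseKey(headers['sec-websocket-key2']);
  if (n1 === null || n2 === null) return null;
  if (!Buffer.isBuffer(head) || head.length !== 8) return null;
  const buf = Buffer.alloc(16);
  buf.writeUInt32BE(n1, 0);   // key numbers as big-endian 32-bit integers
  buf.writeUInt32BE(n2, 4);
  head.copy(buf, 8);          // followed by the 8 bytes sent after the headers
  return crypto.createHash('md5').update(buf).digest();
}

// Constructed inputs: the draft's sample handshake, and a plain GET with no upgrade.
const sample = {
  upgrade: 'WebSocket',
  'sec-websocket-key1': '4 @1  46546xW%0l 1 5',
  'sec-websocket-key2': '12998 5 Y3 1  .P00'
};
const ok = challengeResponse(sample, Buffer.from('^n:ds[4U', 'latin1'));
const plainGet = challengeResponse({ host: 'localhost' }, Buffer.alloc(0));
console.log(ok && ok.toString('latin1'), plainGet);
```

A caller would treat a null result as an invalid connection: log it and end the request without touching socket-only methods.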