Comments (8)
Interesting. The problem is that unsigned integers are not CLS compliant. Can you explain the issue with negative payload lengths?
from websocketlistener.
https://tools.ietf.org/html/rfc6455 - Page 29.
In condition 2, where payload data is 126, if next 2 bytes are interpreted as an int, then if your payload is greater than 32767 in length (0x7FFF), then your contentLength will be rolled over into negative territory, breaking the rest of the implementation.
In condition 3, where payload data is 127, if next 8 bytes are interpreted as an int, then if your payload is greater than 9.223372e+18 in length (0x7FFFFFFFFFFFFFFF), then your contentLength will be rolled over into negative territory, breaking the rest of the implementation.
Clearly, no sane person would expect to be bothered by condition 3, but for condition 2, any message of size 32768 (0x7FFF) to I believe 65535 (0xFFFF) would result in an unfavourable situation.
from websocketlistener.
Great. I won't have a laptop handy until Monday. I will try to reproduce these situations in th unit tests about header parsing. Thanks.
from websocketlistener.
Also, as I understand, for CLS compliance, only public members must be signed, whereas private members, internal members, and temporary variables used in the implementation/logic, can be unsigned.
from websocketlistener.
That is right. I have done the pertinent changes in the changeset : f0a2cc2
Let me know your thoughts. And thanks for taking the time in reporting this.
from websocketlistener.
Great, so receiving in all cases of the above case 2 works well (from sizes 32768 (0x7FFF) to 65535 (0xFFFF) in content length) however, you need to make the same changes when you build and send your frame headers. As is stands, message being sent that are between 32768 (0x7FFF) and 65535 (0xFFFF) in content length will once again cause a critical error in generating an incorrect frame header.
I believe this is because of your use of Int16.MaxValue rather than UInt16.MaxValue in several areas, and your ByteArrayExtenstions also do not implement the unsigned counterparts. As for very large messages (Int64.MaxValue < x < UInt64.MaxValue) your library will simply throw an exception and refuse to send it, for the same reasons.
from websocketlistener.
Right, I just came from holidays so bear with me :)
I fixed the header creation as well: 8c9361d
(some changes to fix the CLS compliant thing have been added later)
There is no need to throw an exception since the creation helper only allows Int64.
from websocketlistener.
This is fixed in the latest version : https://www.nuget.org/packages/vtortola.WebSocketListener/2.1.9
Cheers.
from websocketlistener.
Related Issues (20)
- I am trying to upgrade from V2.2.0.1 to V3.0.0 but it errors out. HOT 5
- Does WebSocketListener work with the HoloLens (UWP)? HOT 1
- V3.0.0 does not work with Mono v4.6.2 HOT 3
- How to bypass CORS? HOT 1
- IOException Issues Randomly HOT 1
- IE Origin HOT 2
- WSS Configuration HOT 2
- On quick client disconnect, ObjectDisposedException being thrown HOT 1
- WebSocketMessageReadNetworkStream can only start with a Text or Binary frame, not Continuation HOT 2
- WebSocketHandshaker.ParseWebSocketProtocol throws a NullReferenceException HOT 1
- Server does not detect broken link on linux
- TLS 1.2 is not supported HOT 1
- Cannot understand frame header exception when receiving messages from Javascript HOT 5
- SSL Deserialize Message not working HOT 4
- How to use OnHttpNegotiation in 3.0.0
- Is there a sample including Authentication? HOT 1
- Some Information about Client HOT 1
- Try to Secure WebSocket: Unknow error while processing the certificate
- Is WebSocketListener good enough out of the box for video streaming? HOT 2
- Websocket Listener is able to accept incoming data from Client but Websocket Listener thinks connection with client is closed. HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from websocketlistener.