From 11ac750e873d31738c2bb344e5e216192c8045e3 Mon Sep 17 00:00:00 2001
From: Yuri Silver <yus.serebrennikov@gmail.com>
Date: Fri, 7 Jan 2022 15:31:58 +0300
Subject: [PATCH] Added reaction for incorrect reserved bits.
---
packages/fcl-web/src/websocket/fpwebsocket.pp | 23 ++++++++++++-------
1 file changed, 15 insertions(+), 8 deletions(-)
diff --git a/packages/fcl-web/src/websocket/fpwebsocket.pp b/packages/fcl-web/src/websocket/fpwebsocket.pp
index 092322acf7..448fe25b4d 100644
--- a/packages/fcl-web/src/websocket/fpwebsocket.pp
+++ b/packages/fcl-web/src/websocket/fpwebsocket.pp
@@ -636,8 +636,6 @@ var
buf: TBytes;
aPos, toRead: QWord;
begin
- { TODO: read aCount bytes }
-// toRead := aCount;
aPos := 0;
SetLength(aBytes, aCount);
repeat
@@ -977,7 +975,7 @@ begin
Raise EWebSocket.Create('Could not read frame header');
B1:=buffer[0];
FFinalFrame:=(B1 and FlagFinalFrame) = FlagFinalFrame;
- FRSV:=B1 and ($F0) and (not FlagFinalFrame);
+ FRSV:=(B1 and %01110000) shr 4;
FFrameType.AsFlag:=(B1 and $F);
FPayload.Read(Buffer,aTransport);
Result:=True;
@@ -1260,6 +1258,15 @@ Function TWSConnection.HandleIncoming(aFrame : TWSFrame) : Boolean;
begin
Result:=True;
+ // check Reserved
+ if aFrame.Reserved<>0 then
+ begin
+ Close('', CLOSE_PROTOCOL_ERROR);
+ UpdateCloseState;
+ Result:=false;
+ Exit;
+ end;
+
// here we handle payload.
if aFrame.FrameType<>ftContinuation then
FInitialOpcode:=aFrame.FrameType;
@@ -1282,16 +1289,16 @@ begin
// If our side sent the initial close, this is the reply, and we must disconnect (Result=false).
Result:=FCloseState=csNone;
if Result then
- begin
+ begin
FMessageContent:=aFrame.Payload.Data;
if not (woCloseExplicit in Options) then
- begin
- Send(ftClose); // Will update state
+ begin
+ Close('', CLOSE_NORMAL_CLOSURE); // Will update state
Result:=False; // We can disconnect.
- end
+ end
else
UpdateCloseState
- end
+ end
else
UpdateCloseState;
end;