Harden WebSocket transport and permessage-deflate for RFC 6455/7692 conformance#847
Open
arturobernalg wants to merge 1 commit into
Open
Harden WebSocket transport and permessage-deflate for RFC 6455/7692 conformance#847arturobernalg wants to merge 1 commit into
arturobernalg wants to merge 1 commit into
Conversation
c22149a to
3e03738
Compare
… conformance Fixed the client permessage-deflate encoder, which stripped the flush trailer on every fragment and could truncate a SYNC_FLUSH, so a compressed message split across frames now decodes; the frame writer derives the masking key from SecureRandom. The session engine fails the connection on RSV1 set on a control frame, no longer delivers a truncated message after a 1009 close, and the HTTP/2 transport treats a selection key cancelled during shutdown as a gone channel instead of raising CancelledKeyException. On the server side the HTTP/2 handler advertises a bounded inbound flow-control window and back-pressures a bounded outbound queue, the frame reader rejects a 64-bit length with the most significant bit set, the frame writer enforces the 125-byte control frame limit and truncates the CLOSE reason, the processor fails a data frame received in the middle of a fragmented message, and extension negotiation accepts a given extension name only once. Both permessage-deflate implementations release their Deflater and Inflater when the session ends, and the HTTP/2 client accepts any 2xx handshake response.
3e03738 to
aa9ecce
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixed permessage-deflate fragmentation and the SYNC_FLUSH drain in both stacks, derived the client masking key from SecureRandom, and failed the connection on RSV1 control frames and on a data frame received mid-fragment.
Bounded the HTTP/2 server inbound window and outbound queue, rejected a 64-bit length with the MSB set, enforced the 125-byte control frame limit, and truncated the CLOSE reason.
Deduplicated extension offers by name, released the Deflater and Inflater on session end, accepted any 2xx Extended CONNECT response, and guarded the H2 transport against a cancelled selection key on shutdown.
Added tests for each; the module suite passes and checkstyle is clean.