Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fuzzingserver abruptly closes the TCP connection #78

Open
lpinca opened this issue Dec 11, 2017 · 0 comments
Open

fuzzingserver abruptly closes the TCP connection #78

lpinca opened this issue Dec 11, 2017 · 0 comments

Comments

@lpinca
Copy link

lpinca commented Dec 11, 2017
edited

Description

When the client sends a masked close frame, the server abruptly closes the TCP connection.

Reproducible in

version: 0.7.5
Node.js version(s): 4.8.7, 6.12.2, 8.9.3, 9.2.1
OS version(s): Ubuntu 16.04

Steps to reproduce

1. Start the fuzzingserver
(wstest) luigi@ubuntu:~/test$ uname -a
Linux ubuntu 4.4.0-103-generic #126-Ubuntu SMP Mon Dec 4 16:23:28 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
(wstest) luigi@ubuntu:~/test$ cat fuzzingserver.json 
{
  "url": "ws://192.168.0.31:9001",
  "outdir": "./reports/clients",
  "cases": ["*"],
  "exclude-cases": [],
  "exclude-agent-cases": {}
}
(wstest) luigi@ubuntu:~/test$ wstest -m fuzzingserver
Using implicit spec file 'fuzzingserver.json'
Loading spec from /home/luigi/test/fuzzingserver.json

Using Twisted reactor class <class 'twisted.internet.epollreactor.EPollReactor'>
Using UTF8 Validator class <type 'wsaccel.utf8validator.Utf8Validator'>
Using XOR Masker classes <type 'wsaccel.xormask.XorMaskerNull'>

Autobahn WebSockets 0.7.5/0.10.9 Fuzzing Server (Port 9001)
Ok, will run 519 test cases for any clients connecting
2. Run the following Node.js script
const assert = require('assert');
const net = require('net');

const host = '192.168.0.31';
const port = 9001;

const socket = net.createConnection(port, host, () => {
  socket.write([
    'GET /getCaseCount HTTP/1.1',
    `Host: ${host}:${port}`,
    'Upgrade: websocket',
    'Connection: Upgrade',
    'Sec-WebSocket-Key: huuKcUUBDmV/8iQBsEF8IA==',
    'Sec-WebSocket-Version: 13',
    '\r\n'
  ].join('\r\n'));
});

socket.on('data', (chunk) => {
  const headers = Buffer.from([
    'HTTP/1.1 101 Switching Protocols',
    'Server: AutobahnTestSuite/0.7.5-0.10.9',
    'X-Powered-By: AutobahnPython/0.10.9',
    'Upgrade: WebSocket',
    'Connection: Upgrade',
    'Sec-WebSocket-Accept: 158w9A++bqKnjX8gj72FqUAfNQA=',
    '\r\n'
  ].join('\r\n'));

  const data = Buffer.from('81033531398800', 'hex');
  const expected = Buffer.concat([headers, data]);

  assert.ok(chunk.equals(expected));

  socket.write(Buffer.from('8882ed036357eeeb', 'hex'));
  socket.end();
});

socket.on('end', () => console.log('end'));
socket.on('error', console.error);

Expected result

The connection is closed cleanly.

Actual result

An error is emitted on the socket.

{ Error: read ECONNRESET
    at _errnoException (util.js:1031:13)
    at TCP.onread (net.js:619:25) errno: 'ECONNRESET', code: 'ECONNRESET', syscall: 'read' }

Additional details

The connection is closed cleanly if the client sends an unmasked close frame.

socket.write(Buffer.from('880203E8', 'hex'));
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@lpinca