search

mattgodbolt / seasocks

Simple, small, C++ embeddable webserver with WebSockets support
BSD 2-Clause "Simplified" License
734 stars 120 forks source link

Exception and dangling connection when "Sec-WebSocket-Version" is missing #131

Closed iris-ersc closed 4 years ago

iris-ersc commented 4 years ago

While working with seasocks and testing with curl I came across some (maybe) unwanted behavior:

When there is no "Sec-WebSocket-Version" header field, seasocks throws a invalid_argument exception.

curl -i -N -H "Connection: Upgrade" -H "Upgrade: websocket" http://host/path

The header field "Sec-WebSocket-Version" is mandatory according to the WebSocket Protocol, but crashing the whole webserver because a simple std::stoi operates on an empty string is probably not good.

https://github.com/mattgodbolt/seasocks/blob/ec3558d66e7bed7b9d1f502c4171730668a8eb59/src/main/c/Connection.cpp#L920

offa commented 4 years ago

Thanks for reporting.

According the RFC6455 it's best to return 426 Upgrade Required. I'll have a look at it.

offa commented 4 years ago

I have opened #132 to address this issue. It does handle any parsing errors now. In case of an empty header there's a entry in the log now.

offa commented 4 years ago

PR merged.