markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 9659c71992 Fix BZ 69844 - server sending masked frames is a protocol
error
9659c71992 is described below
commit 9659c71992a4b467219481403022d8c4f7dc9ed5
Author: Mark Thomas <[email protected]>
AuthorDate: Wed Oct 8 17:20:26 2025 +0100
Fix BZ 69844 - server sending masked frames is a protocol error
https://bz.apache.org/bugzilla/show_bug.cgi?id=69844
---
java/org/apache/tomcat/websocket/LocalStrings.properties | 1 +
java/org/apache/tomcat/websocket/WsFrameBase.java | 5 ++++-
webapps/docs/changelog.xml | 4 ++++
3 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/tomcat/websocket/LocalStrings.properties
b/java/org/apache/tomcat/websocket/LocalStrings.properties
index c247c0b5af..8c77c8f245 100644
--- a/java/org/apache/tomcat/websocket/LocalStrings.properties
+++ b/java/org/apache/tomcat/websocket/LocalStrings.properties
@@ -74,6 +74,7 @@ wsFrame.invalidOpCode=A WebSocket frame was sent with an
unrecognised opCode of
wsFrame.invalidUtf8=A WebSocket text frame was received that could not be
decoded to UTF-8 because it contained invalid byte sequences
wsFrame.invalidUtf8Close=A WebSocket close frame was received with a close
reason that contained invalid UTF-8 byte sequences
wsFrame.ioeTriggeredClose=An unrecoverable IOException occurred so the
connection was closed
+wsFrame.masked=The server frame was masked but server frames must not be masked
wsFrame.messageTooBig=The message was [{0}] bytes long but the MessageHandler
has a limit of [{1}] bytes
wsFrame.noContinuation=A new message was started when a continuation frame was
expected
wsFrame.notMasked=The client frame was not masked but all client frames must
be masked
diff --git a/java/org/apache/tomcat/websocket/WsFrameBase.java
b/java/org/apache/tomcat/websocket/WsFrameBase.java
index 66b43ea9a0..01a7f44267 100644
--- a/java/org/apache/tomcat/websocket/WsFrameBase.java
+++ b/java/org/apache/tomcat/websocket/WsFrameBase.java
@@ -200,9 +200,12 @@ public abstract class WsFrameBase {
continuationExpected = !fin;
}
b = inputBuffer.get();
- // Client data must be masked
if ((b & 0x80) == 0 && isMasked()) {
+ // Client data must be masked
throw new WsIOException(new CloseReason(CloseCodes.PROTOCOL_ERROR,
sm.getString("wsFrame.notMasked")));
+ } else if ((b & 0x80) != 0 && !isMasked()) {
+ // Server data must not masked
+ throw new WsIOException(new CloseReason(CloseCodes.PROTOCOL_ERROR,
sm.getString("wsFrame.masked")));
}
payloadLength = b & 0x7F;
state = State.PARTIAL_HEADER;
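Review bot: The comment on the new `else if` branch reads `// Server data must not masked` and should be `// Server data must not be masked`. Because `isMasked()` is defined outside this hunk, the comment could also say what it reports, for example `// isMasked() is false when reading frames sent by a server; RFC 6455 section 5.1 requires the client to reject a set MASK bit` (this reading of `isMasked()` is inferred from the two message strings, so confirm it against the subclasses). The diffstat lists only the properties file, this class and the changelog, so the new PROTOCOL_ERROR path appears to have no test; a client-side frame test that feeds a second header byte with bit 0x80 set and expects a `WsIOException` carrying `CloseCodes.PROTOCOL_ERROR` would pin the behaviour. The enclosing method starts and ends outside the hunk.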
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 34aed47c83..2caeb12b85 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -292,6 +292,10 @@
port information. (markt)
</add>
<!-- Entries for backport and removal before 12.0.0-M1 below this line
-->
+ <fix>
+ <bug>69844</bug>: Close the connection with a protocol error if the
+ server sends masked frames. (markt)
+ </fix>
<fix>
<bug>69845</bug>: When using <code>permessage-deflate</code> with Java
25 onwards, handle the underlying <code>Inflater</code> and/or