This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 84f3801b51 Fix BZ 69844 - server sending masked frames is a protocol
error
84f3801b51 is described below
commit 84f3801b51ea986588bb07046299524edacdd4f2
Author: Mark Thomas <[email protected]>
AuthorDate: Wed Oct 8 17:20:26 2025 +0100
Fix BZ 69844 - server sending masked frames is a protocol error
https://bz.apache.org/bugzilla/show_bug.cgi?id=69844
---
java/org/apache/tomcat/websocket/LocalStrings.properties | 1 +
java/org/apache/tomcat/websocket/WsFrameBase.java | 5 ++++-
webapps/docs/changelog.xml | 4 ++++
3 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/tomcat/websocket/LocalStrings.properties
b/java/org/apache/tomcat/websocket/LocalStrings.properties
index ecb2248c2a..22968a6340 100644
--- a/java/org/apache/tomcat/websocket/LocalStrings.properties
+++ b/java/org/apache/tomcat/websocket/LocalStrings.properties
@@ -75,6 +75,7 @@ wsFrame.invalidOpCode=A WebSocket frame was sent with an
unrecognised opCode of
wsFrame.invalidUtf8=A WebSocket text frame was received that could not be
decoded to UTF-8 because it contained invalid byte sequences
wsFrame.invalidUtf8Close=A WebSocket close frame was received with a close
reason that contained invalid UTF-8 byte sequences
wsFrame.ioeTriggeredClose=An unrecoverable IOException occurred so the
connection was closed
+wsFrame.masked=The server frame was masked but server frames must not be masked
wsFrame.messageTooBig=The message was [{0}] bytes long but the MessageHandler
has a limit of [{1}] bytes
wsFrame.noContinuation=A new message was started when a continuation frame was
expected
wsFrame.notMasked=The client frame was not masked but all client frames must
be masked
diff --git a/java/org/apache/tomcat/websocket/WsFrameBase.java
b/java/org/apache/tomcat/websocket/WsFrameBase.java
index 78d2467ed8..1740ceb596 100644
--- a/java/org/apache/tomcat/websocket/WsFrameBase.java
+++ b/java/org/apache/tomcat/websocket/WsFrameBase.java
@@ -200,9 +200,12 @@ public abstract class WsFrameBase {
continuationExpected = !fin;
}
b = inputBuffer.get();
- // Client data must be masked
if ((b & 0x80) == 0 && isMasked()) {
+ // Client data must be masked
throw new WsIOException(new CloseReason(CloseCodes.PROTOCOL_ERROR,
sm.getString("wsFrame.notMasked")));
+ } else if ((b & 0x80) != 0 && !isMasked()) {
+ // Server data must not masked
+ throw new WsIOException(new CloseReason(CloseCodes.PROTOCOL_ERROR,
sm.getString("wsFrame.masked")));
}
payloadLength = b & 0x7F;
state = State.PARTIAL_HEADER;
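Review bot: The comment on the new `else if` branch reads `// Server data must not masked`; it should be `// Server data must not be masked`. Since `isMasked()` appears here to mean "frames read by this endpoint are expected to be masked" rather than "this frame is masked", a one-line comment saying so would help. Naming the bit once with `boolean frameMasked = (b & 0x80) != 0;` would also make the two branches read as the symmetric check they are. The diffstat lists no test file, so the new rejection path looks untested in this commit. A client-side test that reads a frame with the mask bit set and expects a close with `CloseCodes.PROTOCOL_ERROR` would guard against regressions. The enclosing method starts and ends outside the hunk.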
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 8483f10814..1225461091 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -2346,6 +2346,10 @@
</subsection>
<subsection name="WebSocket">
<changelog>
+ <fix>
+ <bug>69844</bug>: Close the connection with a protocol error if the
+ server sends masked frames. (markt)
+ </fix>
<fix>
<bug>68884</bug>: Reduce the write timeout when writing WebSocket close
messages for abnormal closes. The timeout defaults to 50 milliseconds