Hi All,

I'm interested in working on the Monkey HTTP Daemon as part of Google
Summer of Code 2012.

I found the project "WebSockets" very interesting and decided to try it
out. I tried to send messages to the daemon through the websocket.org
echo implementation.

I got a segfault right away in the logger. With the fix included below, I
got it to work.

I also fixed the inability of ws.c to work with payloads larger than 125
bytes and have also removed the 256 byte packet limitation.

The tentative patches are included below. Please suggest changes, so
that, if at all possible, the patch can be brought to merge-able quality!

Best,
Balaji Rao

---

diff --git a/plugins/logger/logger.c b/plugins/logger/logger.c
index 6729cd6..cc3e5e1 100644
--- a/plugins/logger/logger.c
+++ b/plugins/logger/logger.c
@@ -67,6 +67,8 @@ static struct status_response response_codes[] = {
     {415, "415"},
     {500, "500"}, {501, "501"}, {502, "502"}, {503, "503"}, {504, "504"},
     {505, "505"},
+
+    {7, ""},
 };
@@ -506,6 +508,7 @@ int _mkp_stage_40(struct client_session *cs, struct session_request *sr)
         }
if (array_len == i) {
+            /* FIXME : status.data can be an invalid pointer */
             mk_api->str_itop(http_status, &status);
             status.len -= 2;
         }
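Review bot: The `{7, ""}` entry added to `response_codes` hides the crash for one status value only; any other status missing from the table still reaches `mk_api->str_itop(http_status, &status)` in `_mkp_stage_40`, where the new FIXME says `status.data` can be an invalid pointer. The fallback should point `status.data` at a local buffer large enough for the digits before the call; `str_itop`'s contract is not visible here, so confirm how it writes. 7 is not an HTTP status, so it is also worth finding out where that value is set instead of teaching the logger about it. If the entry stays, it needs a comment on the same line, for example `/* non-HTTP status seen with the websockets plugin */`. `_mkp_stage_40` begins and ends outside the hunk.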
diff --git a/plugins/websockets/DISABLED b/plugins/websockets/DISABLED
deleted file mode 100644
index e69de29..0000000
diff --git a/plugins/websockets/ws.c b/plugins/websockets/ws.c
index 17dd78c..a5fee14 100644
--- a/plugins/websockets/ws.c
+++ b/plugins/websockets/ws.c
@@ -163,16 +163,16 @@ int ws_handler(int socket, struct client_session *cs, 
struct session_request *sr
 int _mkp_event_read(int sockfd)
 {
     int i, n;
-    char buf[256];
+    char *buf = NULL;
     unsigned int frame_size = 0;
     unsigned int frame_opcode = 0;
     unsigned int frame_mask = 0;
     unsigned int frame_payload = 0;
     unsigned char frame_masking_key[256];
     unsigned int payload_value = 0;
-    unsigned int payload_size = 0;
+    unsigned int payload_offset = 0;
     unsigned int mask_key_init = 0;
-    unsigned char data[256];
+    unsigned char *data = NULL;
struct mk_ws_request *wr;
@@ -182,12 +182,12 @@ int _mkp_event_read(int sockfd)
         return MK_PLUGIN_RET_EVENT_NEXT;
     }
+ buf = malloc(256);
     /* Read incoming data from Palm socket */
     memset(buf, '\0', sizeof(buf));
     n = mk_api->socket_read(sockfd, buf, 256);
     if (n <= 0) {
-        return MK_PLUGIN_RET_EVENT_CLOSE;
-
+        goto err;
     }
frame_size = n;
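Review bot: `memset(buf, '\0', sizeof(buf))` now clears only a pointer's worth of bytes, because this patch changes `buf` from `char[256]` to `char *`, and the result of `malloc(256)` is used without a NULL check. Allocating with `buf = calloc(1, 256);` followed by `if (!buf) return MK_PLUGIN_RET_EVENT_CLOSE;` addresses both, and keeps the tail of the buffer zeroed when `socket_read` returns fewer than 256 bytes. `_mkp_event_read` starts and ends outside this hunk.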
@@ -196,24 +196,16 @@ int _mkp_event_read(int sockfd)
     frame_payload = buf[1] & 0x7f;
if (frame_payload == 126) {
-        payload_size = 2;
+        payload_offset = 2;
+        payload_value = ntohs(*(uint16_t *) (buf + 2) );
     }
     else if (frame_payload == 127) {
-        payload_size = 8;
-    }
-
-
-    if (payload_size != 0) {
-        buf[1] = 0;
-        memcpy(&payload_value, buf + 1, payload_size);
-    }
-    else {
+        payload_offset = 8;
+        payload_value = ntohl(*(uint32_t *) buf + 4);
+    } else {
         payload_value = frame_payload;
     }
- /* FIXME: payload size not working when using frame_payload = 126 || 127 */
-    payload_value = frame_payload;
-
 #ifdef TRACE
     PLUGIN_TRACE("Frame Headers:");
     (CHECK_BIT(buf[0], 7)) ? printf("FIN  ON\n") : printf("FIN  OFF\n");
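Review bot: In the `frame_payload == 127` branch, `ntohl(*(uint32_t *) buf + 4)` dereferences the first four bytes of the frame and then adds 4, so the length is not read from the extended-length field at all. With the 8-byte field starting at `buf + 2`, the low 32 bits sit at `buf + 6`, and the upper 32 bits must be checked for zero before the value is narrowed to `unsigned int`. Both branches also read the extended length without checking that `frame_size` covers it, and the casts read through possibly misaligned `uint16_t *`/`uint32_t *` pointers. Because this peer-supplied length later sizes `realloc`, `malloc` and `memcpy`, it is safer to decode it bytewise and reject an incomplete header, as in the fence. `_mkp_event_read` starts and ends outside this hunk.

```c
    if (frame_payload == 126) {
        const unsigned char *ext = (const unsigned char *) buf + 2;

        /* 2-byte header + 2-byte extended length must already be in buf */
        if (frame_size < 4) {
            goto err;
        }
        payload_offset = 2;
        payload_value = ((unsigned int) ext[0] << 8) | (unsigned int) ext[1];
    }
    else if (frame_payload == 127) {
        const unsigned char *ext = (const unsigned char *) buf + 2;

        /* 64-bit length: refuse frames whose upper 32 bits are set */
        if (frame_size < 10 || ext[0] || ext[1] || ext[2] || ext[3]) {
            goto err;
        }
        payload_offset = 8;
        payload_value = ((unsigned int) ext[4] << 24) |
                        ((unsigned int) ext[5] << 16) |
                        ((unsigned int) ext[6] << 8)  |
                         (unsigned int) ext[7];
    } else {
        payload_value = frame_payload;
    }
```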
@@ -226,28 +218,38 @@ int _mkp_event_read(int sockfd)
     printf("Frame Size\t%i\n", frame_size);
     printf("Frame Payload\t%i\n", frame_payload);
     printf("Payload Value\t%i\n", (unsigned int) payload_value);
-    printf("Payload Size\t%i\n", (unsigned int) payload_size);
+    printf("Payload Offset\t%i\n", (unsigned int) payload_offset);
     fflush(stdout);
 #endif
- memset(data, '\0', sizeof(data));
+    if (payload_value > 256) {
+        buf = realloc(buf, payload_value + 8 + WS_FRAME_MASK_LEN);
+
+        n = mk_api->socket_read(sockfd, buf + 256, payload_value - 256 + 8 + 
WS_FRAME_MASK_LEN);
+        if (n < 0) {
+            goto err;
+        }
+    }
+
+    data = malloc(payload_value + 1);
+    memset(data, '\0', payload_value + 1);
     if (frame_mask) {
-        mask_key_init = 2 + payload_size;
+        mask_key_init = 2 + payload_offset;
         memcpy(&frame_masking_key, buf + mask_key_init, WS_FRAME_MASK_LEN);
- if (payload_size != (frame_size - (mask_key_init + WS_FRAME_MASK_LEN))) {
+        if (payload_offset != (frame_size - (mask_key_init + 
WS_FRAME_MASK_LEN))) {
             //mk_err("Invalid frame size: %i", (frame_size - (mask_key_init + 
WS_FRAME_MASK_LEN)));
             /* FIXME: Send error, frame size does not cover the payload size */
-            //return MK_PLUGIN_RET_EVENT_CLOSE;
+            // goto err;
         }
- memcpy(&data, buf + mask_key_init + WS_FRAME_MASK_LEN, payload_value);
+        memcpy(data, buf + mask_key_init + WS_FRAME_MASK_LEN, payload_value);
         for (i=0; i < payload_value; i++) {
             data[i] = data[i] ^ frame_masking_key[i % 4];
         }
     }
     else {
-        memcpy(&data, buf + 2 + payload_size, payload_value);
+        memcpy(data, buf + 2 + payload_offset, payload_value);
     }
#ifdef TRACE
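Review bot: The sizes around `realloc(buf, payload_value + 8 + WS_FRAME_MASK_LEN)` come from a peer-supplied length with no upper bound and no overflow check, so the additions here and in `malloc(payload_value + 1)` can wrap and the later `memcpy(data, ..., payload_value)` can run past both buffers. The allocation also leaves out the 2-byte base header, the `payload_value > 256` test ignores header bytes (a 126-style frame with a payload just under 256 already exceeds the 256-byte buffer), the second read assumes the first returned exactly 256 bytes, and neither `realloc` nor `malloc` is checked. The fence computes the whole frame length once, caps it, grows through a temporary pointer and reads until the frame is complete; on a non-blocking socket the partial frame would instead have to be kept across events. The renamed check `payload_offset != (frame_size - ...)` compares the extension width rather than `payload_value` and has no effect while `goto err` stays commented out. `_mkp_event_read` starts and ends outside this hunk.

```c
    /* WS_MAX_FRAME is a placeholder name: pick a project-wide cap on frame size */
    if (payload_value > WS_MAX_FRAME) {
        goto err;
    }

    /* Whole frame: 2-byte header, extended length, optional mask key, payload */
    size_t need = 2 + (size_t) payload_offset +
                  (frame_mask ? WS_FRAME_MASK_LEN : 0) + payload_value;

    if (need > 256) {
        char *grown = realloc(buf, need);
        if (!grown) {
            goto err;       /* buf is still valid and is freed at err */
        }
        buf = grown;
    }

    /* Continue from where the previous read stopped, not from a fixed offset */
    while (frame_size < need) {
        n = mk_api->socket_read(sockfd, buf + frame_size, need - frame_size);
        if (n <= 0) {
            goto err;
        }
        frame_size += n;
    }

    data = calloc(1, (size_t) payload_value + 1);
    if (!data) {
        goto err;
    }
    // … unchanged: mask key copy, unmasking loop and unmasked memcpy into data …
```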
@@ -255,6 +257,11 @@ int _mkp_event_read(int sockfd)
 #endif
return MK_PLUGIN_RET_EVENT_OWNED;
+
+ err:
+    free(data);
+    free(buf);
+    return MK_PLUGIN_RET_EVENT_CLOSE;
 }
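Review bot: The success path `return MK_PLUGIN_RET_EVENT_OWNED;` sits above the new `err:` label and returns without releasing `buf` and `data`, which this patch turns from stack arrays into heap allocations. Every handled frame therefore appears to leak both, unless code outside the hunk hands them off. Freeing before the return with `free(data); free(buf);`, or keeping the result in a `ret` variable and falling through to one shared cleanup label, would close that. `_mkp_event_read` starts outside this hunk.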