websocket-driver 0.6.2 → 0.6.3

Sign up to get free protection for your applications and to get access to all the features.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +5 -0
  3. data/ext/websocket-driver/websocket_mask.c +1 -1
  4. data/lib/websocket/driver.rb +1 -0
  5. data/lib/websocket/driver/client.rb +7 -1
  6. data/lib/websocket/driver/draft76.rb +20 -8
  7. data/lib/websocket/driver/server.rb +1 -0
  8. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: f1bf44c48fb73c1472cc8c5752bc87cd38f545bf
4
- data.tar.gz: 9a95a47349ec213020574596650c27d50db93fa7
3
+ metadata.gz: e35545d555e0f2a1d4846483ed021aed831be4aa
4
+ data.tar.gz: 4fbb5db8194130225cc4130862cec3126729fafe
5
5
  SHA512:
6
- metadata.gz: ddf6c23ad1b0f2a9f9c5f4f67978efbec3916bb26754941008da6a488ea5b151ddd504664699cbf1bcee422aaea2b860955af9ccd5f257266be33e7f344be2fd
7
- data.tar.gz: cf55f6a6e0c62790f8b40efa7af9fdb174e354b8a2d14c218a6421f3258c8c2237c38449eb100e53c650191da8df8df35039e6456acf3c783ba2eeccbe79e70a
6
+ metadata.gz: ddf14ddda68f212cd4453fd0b5e97f8e3b1e0c9741d2bfbb1e6b7b208846cd636b7d73045af9975de3451d7a1c8995e455429e10ea00b3a03026b64d90c44d9f
7
+ data.tar.gz: dd0fd4513efe1a75012d942293b751de86e1c45836b3551b54e52044df95c0f005ae50ad2a8a761e79f5e3f1f4ec872d97116c7750ffbb3964f4ca327509abeb
data/CHANGELOG.md CHANGED
@@ -1,3 +1,8 @@
1
+ ### 0.6.3 / 2015-11-06
2
+
3
+ * Reject draft-76 handshakes if their Sec-WebSocket-Key headers are invalid
4
+ * Throw a more helpful error if a client is created with an invalid URL
5
+
1
6
  ### 0.6.2 / 2015-07-18
2
7
 
3
8
  * When the peer sends a close frame with no error code, emit 1000
data/ext/websocket-driver/websocket_mask.c CHANGED
@@ -20,7 +20,7 @@ method_websocket_mask(VALUE self,
20
20
  VALUE mask)
21
21
  {
22
22
  char *payload_s, *mask_s, *unmasked_s;
23
- int i, n;
23
+ long i, n;
24
24
  VALUE unmasked;
25
25
 
26
26
  if (mask == Qnil || RSTRING_LEN(mask) != 4) {
data/lib/websocket/driver.rb CHANGED
@@ -46,6 +46,7 @@ module WebSocket
46
46
  CloseEvent = Struct.new(:code, :reason)
47
47
 
48
48
  ProtocolError = Class.new(StandardError)
49
+ URIError = Class.new(ArgumentError)
49
50
  ConfigurationError = Class.new(ArgumentError)
50
51
 
51
52
  autoload :Client, root + '/client'
data/lib/websocket/driver/client.rb CHANGED
@@ -2,6 +2,8 @@ module WebSocket
2
2
  class Driver
3
3
 
4
4
  class Client < Hybi
5
+ VALID_SCHEMES = %w[ws wss]
6
+
5
7
  def self.generate_key
6
8
  Base64.strict_encode64(SecureRandom.random_bytes(16))
7
9
  end
@@ -16,7 +18,11 @@ module WebSocket
16
18
  @accept = Hybi.generate_accept(@key)
17
19
  @http = HTTP::Response.new
18
20
 
19
- uri = URI.parse(@socket.url)
21
+ uri = URI.parse(@socket.url)
22
+ unless VALID_SCHEMES.include?(uri.scheme)
23
+ raise URIError, "#{socket.url} is not a valid WebSocket URL"
24
+ end
25
+
20
26
  host = uri.host + (uri.port ? ":#{uri.port}" : '')
21
27
  path = (uri.path == '') ? '/' : uri.path
22
28
  @pathname = path + (uri.query ? '?' + uri.query : '')
data/lib/websocket/driver/draft76.rb CHANGED
@@ -38,6 +38,24 @@ module WebSocket
38
38
  private
39
39
 
40
40
  def handshake_response
41
+ env = @socket.env
42
+
43
+ key1 = env['HTTP_SEC_WEBSOCKET_KEY1']
44
+ number1 = number_from_key(key1)
45
+ spaces1 = spaces_in_key(key1)
46
+
47
+ key2 = env['HTTP_SEC_WEBSOCKET_KEY2']
48
+ number2 = number_from_key(key2)
49
+ spaces2 = spaces_in_key(key2)
50
+
51
+ if number1 % spaces1 != 0 or number2 % spaces2 != 0
52
+ emit(:error, ProtocolError.new('Client sent invalid Sec-WebSocket-Key headers'))
53
+ close
54
+ return nil
55
+ end
56
+
57
+ @key_values = [number1 / spaces1, number2 / spaces2]
58
+
41
59
  start = 'HTTP/1.1 101 WebSocket Protocol Handshake'
42
60
  headers = [start, @headers.to_s, '']
43
61
  headers.join("\r\n")
@@ -46,14 +64,8 @@ module WebSocket
46
64
  def handshake_signature
47
65
  return nil unless @body.bytesize >= BODY_SIZE
48
66
 
49
- head = @body[0...BODY_SIZE]
50
- env = @socket.env
51
- key1 = env['HTTP_SEC_WEBSOCKET_KEY1']
52
- value1 = number_from_key(key1) / spaces_in_key(key1)
53
- key2 = env['HTTP_SEC_WEBSOCKET_KEY2']
54
- value2 = number_from_key(key2) / spaces_in_key(key2)
55
-
56
- Digest::MD5.digest([value1, value2, head].pack('N2A*'))
67
+ head = @body[0...BODY_SIZE]
68
+ Digest::MD5.digest((@key_values + [head]).pack('N2A*'))
57
69
  end
58
70
 
59
71
  def send_handshake_body
data/lib/websocket/driver/server.rb CHANGED
@@ -7,6 +7,7 @@ module WebSocket
7
7
  def initialize(socket, options = {})
8
8
  super
9
9
  @http = HTTP::Request.new
10
+ @delegate = nil
10
11
  end
11
12
 
12
13
  def env
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: websocket-driver
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.6.2
4
+ version: 0.6.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - James Coglan
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-07-18 00:00:00.000000000 Z
11
+ date: 2015-11-06 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: websocket-extensions
@@ -136,7 +136,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
136
136
  version: '0'
137
137
  requirements: []
138
138
  rubyforge_project:
139
- rubygems_version: 2.4.5
139
+ rubygems_version: 2.4.5.1
140
140
  signing_key:
141
141
  specification_version: 4
142
142
  summary: WebSocket protocol handler with pluggable I/O