This repository has been archived by the owner on Sep 20, 2021. It is now read-only.

Malformed header #24

Open
rokha opened this issue Dec 30, 2016 · 4 comments

rokha commented Dec 30, 2016

Hi,

While working on Hoa\WebSocket I ran into a weird issue where a particular browser instance of Chrome was breaking the socket server for all the connected clients. Upon investigation, we realized that the browser was sending malformed (read: incomplete) headers. We couldn't figure out why, but realized that it should not be a reason for the socket server to break for everyone.

Eventually, we found the reason to be in the _parse function of Hoa\Http at this line.

The header I was receiving had the last line clipped before the ":", which caused an index to be unavailable. An example header is:

GET / HTTP/1.1
Host: pr.newsbytesapp.com:8889
Connection: Upgrade
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
Origin: http://xx.yyyy.com
Sec-WebSocket-Version: 13
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-GB,en-US;q=0.8,en;q=0.6
Cookie: __unam=a56ccef-15471a9429e-452f979a-2504; AMP_ECID_GOOGLE=amp-ABTfroEKKHPPukDuQQc4mzfNOnfBTUtE4njuK5GdQq74kjG_SM0xuErSuvkLS27b; laravel_acl_sentry=eyJpdiI6ImpjaDBoZU9HbmY3RXVPemMzSHJMTVE9PSIsInZhbHVlIjoiSDVlclRjaW1ydlNLYXhsSTRZd0tkQnpEdURySVB2VzQ1Zlgrc1g3ZzdtdnZ6aW1kZmdiblRURDlpR28zYnVhN2pRSUZhbEZybWp0Z2VvMVFuYW9oVHl5RzZodVJOZXJNTmhQaGJwamdIQUJDWFBLRUpadTk0Vkx3M1JtSGlzSUQiLCJtYWMiOiI5MzQxZDQ4Yjg0MGIyNDYyYjU2N2Y1ZDFjOGMyZmE3MTA2ZDA3MzE1NTg3N2EyZWQzYmZhZDA5YThlNzllNzY5In0%3D; _gat=1; laravel_session=eyJpdiI6IkdzcVNcL2g0b0dxZFkyck8wT1wvN09HUT09IiwidmFsdWUiOiIzODYxUk5ZcEZVXC96b1pITnc5TlhwWnJMamVrankrMVhJaVpWZ2NoTXVQSnV5WHJ0MW4yalRnSVpmQlJmQkRQdHhBMGgyVFl5dnVHOW1FK0JZQld1aGc9PSIsIm1hYyI6IjMxNWJmYmU3ZWY2NzNlYjk0NTMwZWVkMjVhYWU1Y2FkMGZlNjU4Y2FkYTYxN2RkYmQ0MDM3NDRiYTFkNTg0NjIifQ%3D%3D; chch-SI=61CB5ABFCAE3FBC75C27A7B22B4EF5D7; chch-PSI=61CB5ABFCAE3FBC75C27A7B22B4EF5D7; _ga=GA1.2.1418394292.1462195799
Sec-WebSocket-Key: TjO2I+f5Q2SB4bxjQ9hDSA==
Sec-WebSocket-Extens

As you can see, Sec-WebSocket-Extensions was missing. I think it is an important issue, as one cannot control client behavior.



Member

Hywan commented Jan 8, 2017

Related to hoaproject/Websocket#73 and hoaproject/Websocket#72.

ping @Pierozi

Member

Pierozi commented Jan 9, 2017

Hello @rokha, what's your request? The Sec-WebSocket-Extensions has no value?

Member

Hywan commented Jan 9, 2017

@Pierozi I guess the parsing stops at a specific length, and since the Cookie is very long, the buffer is not big enough to parse the whole request.

Author

rokha commented Jan 9, 2017

It's not really no value; it may also be that some header is partially available. As in my example, it never reached the ":".

Also, I increased the buffer size but that was not helping.
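
A defensive way to parse a request like the one reported in this thread, as an added example that is not part of the discussion and not Hoa\Http's own code. The function name `parseRequestHeaders()` and the sample requests are hypothetical and constructed; the point is that a header line without a ":" or a header section without its terminating empty line yields an error for that one connection instead of a missing-index failure in the server.

```php
<?php
// Added example; parseRequestHeaders() is a hypothetical helper, not Hoa\Http code.

function parseRequestHeaders(string $raw): array
{
    // The header section is complete only once the empty line (CRLF CRLF)
    // has arrived. Without it the last line may be cut mid-name, as in the
    // request above, so the caller should read more (up to a size cap) or
    // reject this one connection.
    $end = strpos($raw, "\r\n\r\n");
    if ($end === false) {
        return ['headers' => [], 'error' => 'incomplete header section'];
    }

    $lines = explode("\r\n", substr($raw, 0, $end));
    array_shift($lines); // drop the request line ("GET / HTTP/1.1")

    $headers = [];
    foreach ($lines as $line) {
        // Destructuring explode(':', $line, 2) directly reads a missing index
        // when the line has no ':'; check the shape first.
        $parts = explode(':', $line, 2);
        if (count($parts) !== 2
            || !preg_match('/^[!#$%&\'*+.^_`|~0-9A-Za-z-]+$/D', $parts[0])) {
            return ['headers' => [], 'error' => 'malformed header line'];
        }
        $headers[strtolower($parts[0])] = trim($parts[1]);
    }

    return ['headers' => $headers, 'error' => null];
}

// Constructed inputs modelled on the request in this issue.
$ok        = "GET / HTTP/1.1\r\nHost: example.test\r\nUpgrade: websocket\r\n\r\n";
$truncated = "GET / HTTP/1.1\r\nHost: example.test\r\nSec-WebSocket-Extens";
$noColon   = "GET / HTTP/1.1\r\nHost: example.test\r\nSec-WebSocket-Extens\r\n\r\n";

foreach ([$ok, $truncated, $noColon] as $request) {
    $result = parseRequestHeaders($request);
    echo $result['error'] ?? 'ok: ' . count($result['headers']) . ' headers', PHP_EOL;
}
```

A server using a check like this can answer the offending client with `400 Bad Request` and close only that socket, leaving the other connected clients untouched.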
