mozilla-central: changeset 74077:e47729ef75523159ed73b4c2e960229e393ed02d

author	Patrick McManus <mcmanus@ducksong.com>
	Mon, 08 Aug 2011 23:41:22 -0700
changeset 74077	e47729ef75523159ed73b4c2e960229e393ed02d
parent 74052	f1a3fea305ffb0bbc9664ea5329a76988a5f5cd9
child 74078	51c305f11c13320c04d64afcbb30b77b76d2c7bb
push id	20948
push user	eakhgari@mozilla.com
push date	Tue, 09 Aug 2011 18:44:27 +0000
treeherder	mozilla-central@db5a68bc2a0f [default view] [failures only]
perfherder	[talos] [build metrics] [platform microbench] (compared to previous push)
bugs	675983
milestone	8.0a1
first release with	nightly linux32 04dfb49d3a3d / 8.0a1 / 20110810030738 / files nightly linux64 04dfb49d3a3d / 8.0a1 / 20110810030738 / files nightly mac 04dfb49d3a3d / 8.0a1 / 20110810030738 / files nightly win32 04dfb49d3a3d / 8.0a1 / 20110810030738 / files nightly win64 04dfb49d3a3d / 8.0a1 / 20110810030738 / files
last release without	nightly linux32 f414db34c70b / 8.0a1 / 20110808030804 / files nightly linux64 f414db34c70b / 8.0a1 / 20110808030804 / files nightly mac f414db34c70b / 8.0a1 / 20110808030804 / files nightly win32 f414db34c70b / 8.0a1 / 20110808030804 / files nightly win64 f414db34c70b / 8.0a1 / 20110808030804 / files

--- a/netwerk/protocol/websocket/WebSocketChannel.cpp
+++ b/netwerk/protocol/websocket/WebSocketChannel.cpp
@@ -568,17 +568,17 @@ WebSocketChannel::WebSocketChannel() :
   mTCPClosed(0),
   mOpenBlocked(0),
   mOpenRunning(0),
   mChannelWasOpened(0),
   mMaxMessageSize(16000000),
   mStopOnClose(NS_OK),
   mServerCloseCode(CLOSE_ABNORMAL),
   mScriptCloseCode(0),
-  mFragmentOpcode(0),
+  mFragmentOpcode(kContinuation),
   mFragmentAccumulator(0),
   mBuffered(0),
   mBufferSize(16384),
   mCurrentOut(nsnull),
   mCurrentOutSent(0),
   mCompressor(nsnull),
   mDynamicOutputSize(0),
   mDynamicOutput(nsnull)
@@ -858,24 +858,32 @@ WebSocketChannel::ProcessInput(PRUint8 *
     }
 
     if (!finBit || opcode == kContinuation) {
       // This is part of a fragment response
 
       // Only the first frame has a non zero op code: Make sure we don't see a
       // first frame while some old fragments are open
       if ((mFragmentAccumulator != 0) && (opcode != kContinuation)) {
-        LOG(("WebSocketHeandler:: nested fragments\n"));
+        LOG(("WebSocketChannel:: nested fragments\n"));
         AbortSession(NS_ERROR_ILLEGAL_VALUE);
         return NS_ERROR_ILLEGAL_VALUE;
       }
 
       LOG(("WebSocketChannel:: Accumulating Fragment %lld\n", payloadLength));
 
       if (opcode == kContinuation) {
+
+        // Make sure this continuation fragment isn't the first fragment
+        if (mFragmentOpcode == kContinuation) {
+          LOG(("WebSocketHeandler:: continuation code in first fragment\n"));
+          AbortSession(NS_ERROR_ILLEGAL_VALUE);
+          return NS_ERROR_ILLEGAL_VALUE;
+        }
+
         // For frag > 1 move the data body back on top of the headers
         // so we have contiguous stream of data
         NS_ABORT_IF_FALSE(mFramePtr + framingLength == payload,
                           "payload offset from frameptr wrong");
         ::memmove(mFramePtr, payload, avail);
         payload = mFramePtr;
         if (mBuffered)
           mBuffered -= framingLength;
@@ -885,16 +893,18 @@ WebSocketChannel::ProcessInput(PRUint8 *
 
       if (finBit) {
         LOG(("WebSocketChannel:: Finalizing Fragment\n"));
         payload -= mFragmentAccumulator;
         payloadLength += mFragmentAccumulator;
         avail += mFragmentAccumulator;
         mFragmentAccumulator = 0;
         opcode = mFragmentOpcode;
+        // reset to detect if next message illegally starts with continuation
+        mFragmentOpcode = kContinuation;
       } else {
         opcode = kContinuation;
         mFragmentAccumulator += payloadLength;
       }
     } else if (mFragmentAccumulator != 0 && !(opcode & kControlFrameMask)) {
       // This frame is not part of a fragment sequence but we
       // have an open fragment.. it must be a control code or else
       // we have a problem