      1 // Copyright 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "net/websockets/websocket_basic_stream.h"
      6 
      7 #include <algorithm>
      8 #include <limits>
      9 #include <string>
     10 #include <vector>
     11 
     12 #include "base/basictypes.h"
     13 #include "base/bind.h"
     14 #include "base/logging.h"
     15 #include "base/safe_numerics.h"
     16 #include "net/base/io_buffer.h"
     17 #include "net/base/net_errors.h"
     18 #include "net/socket/client_socket_handle.h"
     19 #include "net/websockets/websocket_errors.h"
     20 #include "net/websockets/websocket_frame.h"
     21 #include "net/websockets/websocket_frame_parser.h"
     22 
     23 namespace net {
     24 
     25 namespace {
     26 
     27 // Largest control frame payload allowed by RFC 6455 section 5.5. The type is
     28 // uint64 to match WebSocketFrameHeader::payload_length in websocket_frame.h.
     29 const uint64 kMaxControlFramePayload = 125;
     30 
     31 // The number of bytes to attempt to read at a time.
     32 // TODO(ricea): See if there is a better number or algorithm to fulfill our
     33 // requirements:
     34 //  1. We would like to use minimal memory on low-bandwidth or idle connections
     35 //  2. We would like to read as close to line speed as possible on
     36 //     high-bandwidth connections
     37 //  3. We can't afford to cause jank on the IO thread by copying large buffers
     38 //     around
     39 //  4. We would like to hit any sweet-spots that might exist in terms of network
     40 //     packet sizes / encryption block sizes / IPC alignment issues, etc.
     41 const int kReadBufferSize = 32 * 1024;
     42 
     43 typedef ScopedVector<WebSocketFrame>::const_iterator WebSocketFrameIterator;
     44 
     45 // Returns the total serialized size of |frames|. This function assumes that
     46 // |frames| will be serialized with mask field. This function forces the
     47 // masked bit of the frames on.
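     int CalculateSerializedSizeAndTurnOnMaskBit(
         ScopedVector<WebSocketFrame>* frames) {
       // Sets header.masked = true on every frame in |frames| and returns the
       // number of bytes needed to serialize all of them (header plus payload).
       // Aborts via CHECK if the total would not fit in an int.
       //
       // All arithmetic is done in uint64, the type of payload_length, so that an
       // oversized length can never be truncated to a small or negative int
       // before it is compared against the limit.
       const uint64 kMaximumTotalSize = std::numeric_limits<int>::max();

       uint64 total_size = 0;
       for (WebSocketFrameIterator it = frames->begin(); it != frames->end(); ++it) {
         WebSocketFrame* frame = *it;
         // Force the masked bit on. This is done before the header size is
         // computed, matching the assumption that the frames are serialized with
         // the mask field present.
         frame->header.masked = true;
         // We enforce flow control so the renderer should never be able to force
         // us to cache anywhere near 2GB of frames. The checks below are the
         // backstop if that assumption is ever violated.
         const uint64 header_size =
             static_cast<uint64>(GetWebSocketFrameHeaderSize(frame->header));
         // total_size never exceeds kMaximumTotalSize, so this cannot wrap.
         const uint64 available = kMaximumTotalSize - total_size;
         CHECK_LE(header_size, available) << "Aborting to prevent overflow";
         // Compared as "payload <= available - header" rather than
         // "header + payload <= available" so the sum itself cannot wrap.
         CHECK_LE(frame->header.payload_length, available - header_size)
             << "Aborting to prevent overflow";
         total_size += header_size + frame->header.payload_length;
       }
       // Safe: total_size <= std::numeric_limits<int>::max() by the checks above.
       return static_cast<int>(total_size);
     }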
     67 
     68 }  // namespace
     69 
     // Builds a stream on top of an already-initialized |connection|.
     // |http_read_buffer| may hold bytes that arrived after the HTTP handshake
     // headers; it is kept only when it actually contains data.
     WebSocketBasicStream::WebSocketBasicStream(
         scoped_ptr<ClientSocketHandle> connection,
         const scoped_refptr<GrowableIOBuffer>& http_read_buffer,
         const std::string& sub_protocol,
         const std::string& extensions)
         : read_buffer_(new IOBufferWithSize(kReadBufferSize)),
           connection_(connection.Pass()),
           http_read_buffer_(http_read_buffer),
           sub_protocol_(sub_protocol),
           extensions_(extensions),
           generate_websocket_masking_key_(&GenerateWebSocketMaskingKey) {
       // ReadFrames() treats a non-NULL http_read_buffer_ as "there is leftover
       // data to parse", so an empty buffer is dropped here.
       const bool has_leftover_data =
           http_read_buffer_ && http_read_buffer_->offset() != 0;
       if (!has_leftover_data) {
         http_read_buffer_ = NULL;
       }
       DCHECK(connection_->is_initialized());
     }
     86 
     WebSocketBasicStream::~WebSocketBasicStream() {
       // Disconnecting the socket on destruction is what the base::Unretained(this)
       // callbacks bound in ReadFrames() and WriteEverything() rely on.
       Close();
     }
     88 
     // Reads until at least one complete frame has been appended to |frames|, the
     // socket would block, or an error occurs. Returns OK, ERR_IO_PENDING (in
     // which case |callback| is run later) or a net error code. |frames| must be
     // empty on entry and must stay valid until the read completes.
     int WebSocketBasicStream::ReadFrames(ScopedVector<WebSocketFrame>* frames,
                                          const CompletionCallback& callback) {
       DCHECK(frames->empty());

       // Bytes left over from parsing the HTTP headers are consumed first, and
       // only once: the member is swapped out before decoding.
       if (http_read_buffer_) {
         DCHECK_GE(http_read_buffer_->offset(), 0);
         // The leftover data is decoded in place rather than copied into
         // read_buffer_, because it might be larger than read_buffer_.
         scoped_refptr<GrowableIOBuffer> leftover;
         leftover.swap(http_read_buffer_);
         DCHECK(http_read_buffer_.get() == NULL);

         ScopedVector<WebSocketFrameChunk> leftover_chunks;
         const bool decoded = parser_.Decode(
             leftover->StartOfBuffer(), leftover->offset(), &leftover_chunks);
         if (!decoded) {
           return WebSocketErrorToNetError(parser_.websocket_error());
         }
         if (!leftover_chunks.empty()) {
           const int convert_result =
               ConvertChunksToFrames(&leftover_chunks, frames);
           if (convert_result != ERR_IO_PENDING) {
             return convert_result;
           }
         }
       }

       // Keep reading until the socket stops giving us data or we get some frames.
       for (;;) {
         // base::Unretained(this) is safe because net::Socket guarantees not to
         // call any callbacks after Disconnect(), which the destructor calls.
         // base::Unretained(frames) is safe only because the caller of
         // ReadFrames() is required to keep |frames| valid.
         const int read_result = connection_->socket()->Read(
             read_buffer_.get(),
             read_buffer_->size(),
             base::Bind(&WebSocketBasicStream::OnReadComplete,
                        base::Unretained(this),
                        base::Unretained(frames),
                        callback));
         if (read_result == ERR_IO_PENDING) {
           return read_result;
         }
         const int handled = HandleReadResult(read_result, frames);
         if (handled != ERR_IO_PENDING) {
           return handled;
         }
         // ERR_IO_PENDING from HandleReadResult() means "no complete frame yet".
         DCHECK(frames->empty());
       }
     }
    134 
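    // Serializes every frame in |frames| (header followed by masked payload) into
    // one contiguous buffer and passes it to WriteEverything(). Returns whatever
    // WriteEverything() returns. The masked bit of each frame header is forced
    // on as a side effect.
    int WebSocketBasicStream::WriteFrames(ScopedVector<WebSocketFrame>* frames,
                                          const CompletionCallback& callback) {
      // This function always concatenates all frames into a single buffer.
      // TODO(ricea): Investigate whether it would be better in some cases to
      // perform multiple writes with smaller buffers.
      //
      // First calculate the size of the buffer we need to allocate.
      int total_size = CalculateSerializedSizeAndTurnOnMaskBit(frames);
      scoped_refptr<IOBufferWithSize> combined_buffer(
          new IOBufferWithSize(total_size));

      char* dest = combined_buffer->data();
      int remaining_size = total_size;
      for (WebSocketFrameIterator it = frames->begin(); it != frames->end(); ++it) {
        WebSocketFrame* frame = *it;
        // A fresh masking key is generated for every frame.
        WebSocketMaskingKey mask = generate_websocket_masking_key_();
        int result =
            WriteWebSocketFrameHeader(frame->header, &mask, dest, remaining_size);
        DCHECK_NE(ERR_INVALID_ARGUMENT, result)
            << "WriteWebSocketFrameHeader() says that " << remaining_size
            << " is not enough to write the header in. This should not happen.";
        CHECK_GE(result, 0) << "Potentially security-critical check failed";
        dest += result;
        remaining_size -= result;

        // payload_length is uint64. It is compared against the space left in 64
        // bits *before* being narrowed to int; narrowing first could turn an
        // oversized length into a small or negative value that slips past the
        // bounds check and is then used as a copy length.
        CHECK_GE(remaining_size, 0);
        CHECK_LE(frame->header.payload_length,
                 static_cast<uint64>(remaining_size))
            << "Frame payload does not fit in the serialization buffer";
        const int frame_size = static_cast<int>(frame->header.payload_length);

        // A frame with an empty payload may carry no data buffer at all
        // (CreateFrame() in this file produces such frames), so |frame->data| is
        // only dereferenced when there is something to copy.
        if (frame_size > 0) {
          // NOTE(review): this trusts payload_length to be no larger than the
          // buffer behind |frame->data| -- confirm that callers guarantee it.
          const char* const frame_data = frame->data->data();
          std::copy(frame_data, frame_data + frame_size, dest);
          MaskWebSocketFramePayload(mask, 0, dest, frame_size);
          dest += frame_size;
          remaining_size -= frame_size;
        }
      }
      DCHECK_EQ(0, remaining_size) << "Buffer size calculation was wrong; "
                                   << remaining_size << " bytes left over.";
      scoped_refptr<DrainableIOBuffer> drainable_buffer(
          new DrainableIOBuffer(combined_buffer, total_size));
      return WriteEverything(drainable_buffer, callback);
    }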
    174 
    // Disconnects the underlying socket. Also called from the destructor.
    void WebSocketBasicStream::Close() {
      connection_->socket()->Disconnect();
    }
    176 
    // Returns a copy of the sub-protocol string given to the constructor.
    std::string WebSocketBasicStream::GetSubProtocol() const { return sub_protocol_; }
    180 
    // Returns a copy of the extensions string given to the constructor.
    std::string WebSocketBasicStream::GetExtensions() const {
      return extensions_;
    }
    182 
    // Test-only factory: constructs a stream exactly as the public constructor
    // does, then replaces the masking-key generator with
    // |key_generator_function|.
    /*static*/
    scoped_ptr<WebSocketBasicStream>
    WebSocketBasicStream::CreateWebSocketBasicStreamForTesting(
        scoped_ptr<ClientSocketHandle> connection,
        const scoped_refptr<GrowableIOBuffer>& http_read_buffer,
        const std::string& sub_protocol,
        const std::string& extensions,
        WebSocketMaskingKeyGeneratorFunction key_generator_function) {
      scoped_ptr<WebSocketBasicStream> test_stream;
      test_stream.reset(new WebSocketBasicStream(
          connection.Pass(), http_read_buffer, sub_protocol, extensions));
      // The generator chosen here is the one WriteFrames() calls for each frame.
      test_stream->generate_websocket_masking_key_ = key_generator_function;
      return test_stream.Pass();
    }
    196 
    // Writes the unconsumed part of |buffer| to the socket, looping over
    // synchronous partial writes. Returns OK once nothing remains; otherwise
    // returns the first non-positive result from Write() (ERR_IO_PENDING means
    // OnWriteComplete() will continue the write).
    int WebSocketBasicStream::WriteEverything(
        const scoped_refptr<DrainableIOBuffer>& buffer,
        const CompletionCallback& callback) {
      while (buffer->BytesRemaining() > 0) {
        // The use of base::Unretained() here is safe because on destruction we
        // disconnect the socket, preventing any further callbacks.
        const int bytes_written = connection_->socket()->Write(
            buffer.get(),
            buffer->BytesRemaining(),
            base::Bind(&WebSocketBasicStream::OnWriteComplete,
                       base::Unretained(this),
                       buffer,
                       callback));
        if (bytes_written <= 0) {
          return bytes_written;
        }
        buffer->DidConsume(bytes_written);
      }
      return OK;
    }
    218 
    // Completion handler for an asynchronous Write(). On error, reports |result|
    // through |callback|. On success, marks the bytes consumed and resumes
    // WriteEverything(), running |callback| unless more I/O is pending.
    void WebSocketBasicStream::OnWriteComplete(
        const scoped_refptr<DrainableIOBuffer>& buffer,
        const CompletionCallback& callback,
        int result) {
      if (result >= 0) {
        DCHECK_NE(0, result);
        buffer->DidConsume(result);
        const int write_result = WriteEverything(buffer, callback);
        if (write_result != ERR_IO_PENDING) {
          callback.Run(write_result);
        }
        return;
      }

      // Negative |result|: the write failed.
      DCHECK_NE(ERR_IO_PENDING, result);
      callback.Run(result);
    }
    235 
    // Interprets the result of a socket Read(). Negative values are passed
    // through, zero becomes ERR_CONNECTION_CLOSED, and a positive byte count is
    // decoded from read_buffer_ into |frames|. Returns ERR_IO_PENDING when the
    // bytes read did not yield any frame.
    int WebSocketBasicStream::HandleReadResult(
        int result,
        ScopedVector<WebSocketFrame>* frames) {
      DCHECK_NE(ERR_IO_PENDING, result);
      DCHECK(frames->empty());

      if (result < 0) {
        return result;
      }
      if (result == 0) {
        return ERR_CONNECTION_CLOSED;
      }

      // Only the |result| bytes just read are handed to the parser.
      ScopedVector<WebSocketFrameChunk> decoded_chunks;
      const bool decoded =
          parser_.Decode(read_buffer_->data(), result, &decoded_chunks);
      if (!decoded) {
        return WebSocketErrorToNetError(parser_.websocket_error());
      }
      if (decoded_chunks.empty()) {
        return ERR_IO_PENDING;
      }
      return ConvertChunksToFrames(&decoded_chunks, frames);
    }
    252 
    // Converts each chunk in |frame_chunks| with ConvertChunkToFrame() and
    // appends the resulting frames to |frames|. Stops at the first chunk whose
    // conversion does not return OK and returns that result. Returns
    // ERR_IO_PENDING if |frames| is still empty afterwards, OK otherwise.
    int WebSocketBasicStream::ConvertChunksToFrames(
        ScopedVector<WebSocketFrameChunk>* frame_chunks,
        ScopedVector<WebSocketFrame>* frames) {
      const size_t chunk_count = frame_chunks->size();
      for (size_t index = 0; index < chunk_count; ++index) {
        // Ownership of the chunk moves out of the vector: the slot is cleared so
        // the chunk is not deleted a second time by |frame_chunks|.
        scoped_ptr<WebSocketFrameChunk> owned_chunk((*frame_chunks)[index]);
        (*frame_chunks)[index] = NULL;

        scoped_ptr<WebSocketFrame> converted;
        const int result = ConvertChunkToFrame(owned_chunk.Pass(), &converted);
        if (result != OK) {
          return result;
        }
        if (converted) {
          frames->push_back(converted.release());
        }
      }
      // All the elements of |frame_chunks| are now NULL, so there is no point in
      // calling delete on them all.
      frame_chunks->weak_clear();
      return frames->empty() ? static_cast<int>(ERR_IO_PENDING)
                             : static_cast<int>(OK);
    }
    273 
    // Turns one parser chunk into at most one frame, stored in |*frame|.
    // Control frames are validated (FIN set, payload within
    // kMaxControlFramePayload) and, if split across chunks, buffered until
    // complete. Returns OK (with |*frame| possibly left NULL) or
    // ERR_WS_PROTOCOL_ERROR.
    int WebSocketBasicStream::ConvertChunkToFrame(
        scoped_ptr<WebSocketFrameChunk> chunk,
        scoped_ptr<WebSocketFrame>* frame) {
      DCHECK(frame->get() == NULL);

      // A chunk that carries a header starts a new frame.
      bool starts_frame = false;
      if (chunk->header) {
        DCHECK(current_frame_header_ == NULL)
            << "Received the header for a new frame without notification that "
            << "the previous frame was complete (bug in WebSocketFrameParser?)";
        starts_frame = true;
        current_frame_header_.swap(chunk->header);
      }

      const int chunk_size = chunk->data ? chunk->data->size() : 0;
      DCHECK(current_frame_header_) << "Unexpected header-less chunk received "
                                    << "(final_chunk = " << chunk->final_chunk
                                    << ", data size = " << chunk_size
                                    << ") (bug in WebSocketFrameParser?)";

      scoped_refptr<IOBufferWithSize> payload;
      payload.swap(chunk->data);
      const bool ends_frame = chunk->final_chunk;
      const WebSocketFrameHeader::OpCode opcode = current_frame_header_->opcode;

      if (WebSocketFrameHeader::IsKnownControlOpCode(opcode)) {
        // Both violations are logged before the frame is rejected.
        bool violates_protocol = false;
        if (!current_frame_header_->final) {
          DVLOG(1) << "WebSocket protocol error. Control frame, opcode=" << opcode
                   << " received with FIN bit unset.";
          violates_protocol = true;
        }
        if (current_frame_header_->payload_length > kMaxControlFramePayload) {
          DVLOG(1) << "WebSocket protocol error. Control frame, opcode=" << opcode
                   << ", payload_length=" << current_frame_header_->payload_length
                   << " exceeds maximum payload length for a control message.";
          violates_protocol = true;
        }
        if (violates_protocol) {
          current_frame_header_.reset();
          return ERR_WS_PROTOCOL_ERROR;
        }

        if (!ends_frame) {
          DVLOG(2) << "Encountered a split control frame, opcode " << opcode;
          if (!incomplete_control_frame_body_) {
            DVLOG(3) << "Creating new storage for an incomplete control frame.";
            incomplete_control_frame_body_ = new GrowableIOBuffer();
            // This method checks for oversize control frames above, so as long
            // as the frame parser is working correctly, this won't overflow. If
            // a bug does cause it to overflow, it will CHECK() in
            // AddToIncompleteControlFrameBody() without writing outside the
            // buffer.
            incomplete_control_frame_body_->SetCapacity(kMaxControlFramePayload);
          } else {
            DVLOG(3) << "Appending to an existing split control frame.";
          }
          AddToIncompleteControlFrameBody(payload);
          return OK;
        }

        if (incomplete_control_frame_body_) {
          DVLOG(2) << "Rejoining a split control frame, opcode " << opcode;
          AddToIncompleteControlFrameBody(payload);
          const int body_size = incomplete_control_frame_body_->offset();
          DCHECK_EQ(body_size,
                    static_cast<int>(current_frame_header_->payload_length));
          // The accumulated bytes are copied into a buffer of exactly
          // |body_size| bytes for the finished frame.
          scoped_refptr<IOBufferWithSize> body = new IOBufferWithSize(body_size);
          memcpy(body->data(),
                 incomplete_control_frame_body_->StartOfBuffer(),
                 body_size);
          incomplete_control_frame_body_ = NULL;  // Frame now complete.
          DCHECK(ends_frame);
          *frame = CreateFrame(ends_frame, body);
          return OK;
        }
      }

      // Apply basic sanity checks to the |payload_length| field from the frame
      // header. A check for exact equality can only be used when the whole frame
      // arrives in one chunk.
      DCHECK_GE(current_frame_header_->payload_length,
                base::checked_numeric_cast<uint64>(chunk_size));
      DCHECK(!starts_frame || !ends_frame ||
             current_frame_header_->payload_length ==
                 base::checked_numeric_cast<uint64>(chunk_size));

      // Convert the chunk to a complete frame.
      *frame = CreateFrame(ends_frame, payload);
      return OK;
    }
    359 
    // Builds a frame from |data| and the header currently being processed.
    // Returns NULL for an empty continuation chunk that does not end the
    // message. Clears current_frame_header_ when |is_final_chunk| is true.
    scoped_ptr<WebSocketFrame> WebSocketBasicStream::CreateFrame(
        bool is_final_chunk,
        const scoped_refptr<IOBufferWithSize>& data) {
      const WebSocketFrameHeader::OpCode opcode = current_frame_header_->opcode;
      const bool ends_message = is_final_chunk && current_frame_header_->final;
      const int payload_size = data ? data->size() : 0;

      // Empty frames convey no useful information unless they are the first
      // frame (containing the type and flags) or have the "final" bit set.
      const bool worth_emitting =
          ends_message || payload_size > 0 ||
          opcode != WebSocketFrameHeader::kOpCodeContinuation;

      scoped_ptr<WebSocketFrame> new_frame;
      if (worth_emitting) {
        new_frame.reset(new WebSocketFrame(opcode));
        new_frame->header.CopyFrom(*current_frame_header_);
        // The emitted header describes this chunk only, so the final bit and
        // payload length are overwritten with per-chunk values.
        new_frame->header.final = ends_message;
        new_frame->header.payload_length = payload_size;
        new_frame->data = data;
        // Ensure that opcodes Text and Binary are only used for the first frame
        // in the message.
        if (WebSocketFrameHeader::IsKnownDataOpCode(opcode)) {
          current_frame_header_->opcode =
              WebSocketFrameHeader::kOpCodeContinuation;
        }
      }

      // Make sure that a frame header is not applied to any chunks that do not
      // belong to it.
      if (is_final_chunk) {
        current_frame_header_.reset();
      }
      return new_frame.Pass();
    }
    389 
    // Copies |data_buffer| into incomplete_control_frame_body_ and advances its
    // offset by the number of bytes copied. A NULL |data_buffer| is a no-op.
    void WebSocketBasicStream::AddToIncompleteControlFrameBody(
        const scoped_refptr<IOBufferWithSize>& data_buffer) {
      if (!data_buffer) {
        return;
      }

      const int chunk_size = data_buffer->size();
      const int new_offset =
          incomplete_control_frame_body_->offset() + chunk_size;
      // This bounds check runs before the copy; it is a CHECK (not a DCHECK) so
      // it also guards release builds against writing past the buffer.
      CHECK_GE(incomplete_control_frame_body_->capacity(), new_offset)
          << "Control frame body larger than frame header indicates; frame parser "
             "bug?";
      // NOTE(review): presumably GrowableIOBuffer::data() points at the current
      // offset, making this an append -- confirm against io_buffer.h.
      memcpy(incomplete_control_frame_body_->data(),
             data_buffer->data(),
             chunk_size);
      incomplete_control_frame_body_->set_offset(new_offset);
    }
    404 
    // Completion handler for an asynchronous Read(). Processes the bytes read;
    // if they produced no frame, resumes ReadFrames(). |callback| is run with
    // the final status unless another read is still pending.
    void WebSocketBasicStream::OnReadComplete(ScopedVector<WebSocketFrame>* frames,
                                              const CompletionCallback& callback,
                                              int result) {
      int status = HandleReadResult(result, frames);
      if (status == ERR_IO_PENDING) {
        // No complete frame yet: go back to reading.
        status = ReadFrames(frames, callback);
      }
      if (status != ERR_IO_PENDING) {
        callback.Run(status);
      }
    }
    414 
    415 }  // namespace net
    416