      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "net/websockets/websocket_frame_parser.h"
      6 
      7 #include <algorithm>
      8 #include <limits>
      9 
     10 #include "base/basictypes.h"
     11 #include "base/big_endian.h"
     12 #include "base/logging.h"
     13 #include "base/memory/ref_counted.h"
     14 #include "base/memory/scoped_ptr.h"
     15 #include "base/memory/scoped_vector.h"
     16 #include "net/base/io_buffer.h"
     17 #include "net/websockets/websocket_frame.h"
     18 
namespace {

// Flags and opcode carried in the first byte of a frame header
// (applied to |first_byte| in DecodeFrameHeader()).
const uint8 kFinalBit = 1 << 7;
const uint8 kReserved1Bit = 1 << 6;
const uint8 kReserved2Bit = 1 << 5;
const uint8 kReserved3Bit = 1 << 4;
const uint8 kOpCodeMask = 0x0F;

// Mask flag and 7-bit length field carried in the second byte.
const uint8 kMaskBit = 1 << 7;
const uint8 kPayloadLengthMask = 0x7F;

// Values of the 7-bit length field. Anything up to 125 is the payload length
// itself; 126 and 127 announce a 2-byte or 8-byte extended length field.
const uint64 kMaxPayloadLengthWithoutExtendedLengthField = 125;
const uint64 kPayloadLengthWithTwoByteExtendedLengthField = 126;
const uint64 kPayloadLengthWithEightByteExtendedLengthField = 127;

}  // Unnamed namespace.
     33 
     34 namespace net {
     35 
// Creates a parser with an empty read position, no frame in progress and no
// recorded error.
WebSocketFrameParser::WebSocketFrameParser()
    : current_read_pos_(0),
      frame_offset_(0),
      websocket_error_(kWebSocketNormalClosure) {
  // Zero the masking key so it has a defined value before any frame is seen.
  std::fill_n(masking_key_.key, WebSocketFrameHeader::kMaskingKeyLength, '\0');
}
     44 
// Nothing to release by hand; members clean up after themselves.
WebSocketFrameParser::~WebSocketFrameParser() {
}
     46 
// Feeds |length| bytes from |data| into the parser and appends every frame
// chunk that can be produced to |frame_chunks|.
//
// Returns false once a protocol error has been recorded in |websocket_error_|;
// the error is sticky, so every later call also returns false without looking
// at its input. Returns true otherwise, including when the input only
// contained part of a frame header (those bytes are kept for the next call).
bool WebSocketFrameParser::Decode(
    const char* data,
    size_t length,
    ScopedVector<WebSocketFrameChunk>* frame_chunks) {
  if (websocket_error_ != kWebSocketNormalClosure)
    return false;
  if (length == 0)
    return true;

  // TODO(yutak): Remove copy.
  buffer_.insert(buffer_.end(), data, data + length);

  while (current_read_pos_ < buffer_.size()) {
    // No header in progress means the next bytes must start a new frame.
    const bool starting_new_frame = !current_frame_header_.get();
    if (starting_new_frame) {
      DecodeFrameHeader();
      if (websocket_error_ != kWebSocketNormalClosure)
        return false;
      // Header still incomplete: leave the bytes in |buffer_| and wait for
      // the next call to Decode().
      if (!current_frame_header_.get())
        break;
    }

    scoped_ptr<WebSocketFrameChunk> chunk =
        DecodeFramePayload(starting_new_frame);
    DCHECK(chunk.get());
    frame_chunks->push_back(chunk.release());

    // A header that is still set means the frame's payload continues past
    // the data received so far, so the whole buffer must have been consumed.
    if (current_frame_header_.get()) {
      DCHECK(current_read_pos_ == buffer_.size());
      break;
    }
  }

  // Drain unnecessary data. TODO(yutak): Remove copy. (but how?)
  buffer_.erase(buffer_.begin(), buffer_.begin() + current_read_pos_);
  current_read_pos_ = 0;

  // Sanity check: whatever is carried over can only be an incomplete frame
  // header, so it must be shorter than the longest possible header.
  static const size_t kMaximumFrameHeaderSize =
      WebSocketFrameHeader::kBaseHeaderSize +
      WebSocketFrameHeader::kMaximumExtendedLengthSize +
      WebSocketFrameHeader::kMaskingKeyLength;
  DCHECK_LT(buffer_.size(), kMaximumFrameHeaderSize);

  return true;
}
     97 
// Tries to parse one frame header starting at |current_read_pos_|.
//
// Outcomes:
//  - Header complete and valid: |current_frame_header_| is set, the masking
//    key is stored (or zeroed for unmasked frames) and |current_read_pos_|
//    moves past the header.
//  - Not enough bytes yet: returns with no state changed, so the same bytes
//    are parsed again once more data arrives.
//  - Invalid length field: |websocket_error_| is set and all parser state is
//    dropped.
void WebSocketFrameParser::DecodeFrameHeader() {
  DCHECK(!current_frame_header_.get());

  const int key_length = WebSocketFrameHeader::kMaskingKeyLength;
  const char* const header_begin = &buffer_.front() + current_read_pos_;
  const char* const buffer_end = &buffer_.front() + buffer_.size();
  const char* cursor = header_begin;

  // Header needs 2 bytes at minimum.
  if (buffer_end - cursor < 2)
    return;

  const uint8 first_byte = *cursor++;
  const uint8 second_byte = *cursor++;

  // Every read below is preceded by a check that enough bytes remain before
  // |buffer_end|.
  uint64 payload_length = second_byte & kPayloadLengthMask;
  if (payload_length == kPayloadLengthWithTwoByteExtendedLengthField) {
    if (buffer_end - cursor < 2)
      return;
    uint16 extended_length;
    base::ReadBigEndian(cursor, &extended_length);
    cursor += 2;
    payload_length = extended_length;
    // A length that would have fit in the 7-bit field must not use the
    // 2-byte form; treat the non-minimal encoding as a protocol error.
    if (payload_length <= kMaxPayloadLengthWithoutExtendedLengthField)
      websocket_error_ = kWebSocketErrorProtocolError;
  } else if (payload_length == kPayloadLengthWithEightByteExtendedLengthField) {
    if (buffer_end - cursor < 8)
      return;
    base::ReadBigEndian(cursor, &payload_length);
    cursor += 8;
    if (payload_length <= kuint16max ||
        payload_length > static_cast<uint64>(kint64max)) {
      // Either a non-minimal encoding or a value with the top bit set.
      websocket_error_ = kWebSocketErrorProtocolError;
    } else if (payload_length > static_cast<uint64>(kint32max)) {
      // Well-formed but larger than this parser accepts. This cap is what
      // lets DecodeFramePayload() narrow chunk sizes to int.
      websocket_error_ = kWebSocketErrorMessageTooBig;
    }
  }

  // On any error, discard everything buffered so far.
  if (websocket_error_ != kWebSocketNormalClosure) {
    buffer_.clear();
    current_read_pos_ = 0;
    current_frame_header_.reset();
    frame_offset_ = 0;
    return;
  }

  const bool masked = (second_byte & kMaskBit) != 0;
  if (masked) {
    if (buffer_end - cursor < key_length)
      return;
    std::copy(cursor, cursor + key_length, masking_key_.key);
    cursor += key_length;
  } else {
    std::fill_n(masking_key_.key, key_length, '\0');
  }

  // The header is complete; only now publish it and consume its bytes.
  const WebSocketFrameHeader::OpCode opcode = first_byte & kOpCodeMask;
  current_frame_header_.reset(new WebSocketFrameHeader(opcode));
  current_frame_header_->final = (first_byte & kFinalBit) != 0;
  current_frame_header_->reserved1 = (first_byte & kReserved1Bit) != 0;
  current_frame_header_->reserved2 = (first_byte & kReserved2Bit) != 0;
  current_frame_header_->reserved3 = (first_byte & kReserved3Bit) != 0;
  current_frame_header_->masked = masked;
  current_frame_header_->payload_length = payload_length;
  current_read_pos_ += cursor - header_begin;
  DCHECK_EQ(0u, frame_offset_);
}
    171 
// Builds the next chunk of the frame described by |current_frame_header_|
// from whatever payload bytes are currently buffered.
//
// |first_chunk| is true for the first chunk of a frame, which also carries a
// copy of the header. When the chunk completes the frame, |final_chunk| is set
// and the per-frame state is reset so the next bytes are parsed as a header.
scoped_ptr<WebSocketFrameChunk> WebSocketFrameParser::DecodeFramePayload(
    bool first_chunk) {
  const char* const chunk_begin = &buffer_.front() + current_read_pos_;
  const char* const buffer_end = &buffer_.front() + buffer_.size();

  // Take what is buffered, but never more than the frame still expects.
  const uint64 remaining_in_frame =
      current_frame_header_->payload_length - frame_offset_;
  const uint64 chunk_size =
      std::min<uint64>(buffer_end - chunk_begin, remaining_in_frame);
  // DecodeFrameHeader() rejects any |payload_length| above kint32max, which
  // is what makes the narrowing to int below safe. NOTE(review): DCHECKs are
  // normally compiled out of release builds, so the header-side check is the
  // one that actually enforces this bound.
  DCHECK_LE(chunk_size, static_cast<uint64>(kint32max));

  scoped_ptr<WebSocketFrameChunk> chunk(new WebSocketFrameChunk);
  if (first_chunk)
    chunk->header = current_frame_header_->Clone();
  chunk->final_chunk = false;

  if (chunk_size != 0) {
    chunk->data = new IOBufferWithSize(static_cast<int>(chunk_size));
    char* const payload = chunk->data->data();
    memcpy(payload, chunk_begin, chunk_size);
    if (current_frame_header_->masked) {
      // Masking is its own inverse, so the masking function also unmasks.
      // |frame_offset_| is passed along so a payload split across chunks
      // keeps its position relative to the start of the frame.
      MaskWebSocketFramePayload(
          masking_key_, frame_offset_, payload, chunk_size);
    }

    current_read_pos_ += chunk_size;
    frame_offset_ += chunk_size;
  }

  DCHECK_LE(frame_offset_, current_frame_header_->payload_length);
  const bool frame_complete =
      frame_offset_ == current_frame_header_->payload_length;
  if (frame_complete) {
    chunk->final_chunk = true;
    current_frame_header_.reset();
    frame_offset_ = 0;
  }

  return chunk.Pass();
}
    211 
    212 }  // namespace net
    213