Overview
Artifact ID: | accf016d7bdea544dc0edfed0c4b477d99da08cf |
---|---|
Ticket: | 631a44ed66fbb33373f1d5342a0ae5d1ba6dd38b
WebSocket clients can block server |
User & Date: | anonymous 2015-04-16 09:35:12 |
Changes
- assignee changed to: "nobody"
- closer changed to: "nobody"
- cmimetype changed to: "text/plain"
- comment changed to:
::websocket server socket is set to *blocking* mode. As a consequence, misbehaving clients can completely block the server if they refuse to read or write a complete message. The following recipe (*nix only) reproduces the issue. Two shells are needed, one to run a ::websocket server, the other to create a misbehaving client. In the first shell run the Tcl script below. The script creates a WebSocket server (handshake ommited) and prints a message at regular intervals; this message will stop being printed when the client blocks the server. ---------------->8---------------- package require websocket; namespace eval ::s {}; proc ::s::accept {sock args} { puts "server: new connection $args"; ::websocket::takeover $sock [list ::s::handler] 1 {}; } proc ::s::handler {sock type args} { puts "$sock: $type $args"; } proc ::s::canary {interval} { puts "canary: Still alive..."; ::after $interval [list ::s::canary $interval]; } ::s::canary 1000; ::socket -server [list ::s::accept] 54321; ::vwait forever; ----------------8<---------------- In the second shell run the following command: ---------------->8---------------- { echo -n 1; sleep 5s; } | nc localhost 54321 ----------------8<---------------- The server is blocked for 5 seconds.
- foundin changed to: "1.4"
- is_private changed to: "0"
- login: "anonymous"
- priority changed to: "5 Medium"
- private_contact changed to: "3410fe6f8504d01909e548b02e0cec50a5f7fab3"
- resolution changed to: "None"
- severity changed to: "Critical"
- status changed to: "Open"
- submitter changed to: "anonymous"
- subsystem changed to: "websocket"
- title changed to: "WebSocket clients can block server"
- type changed to: "Bug"