NotificationsYou must be signed in to change notification settings
Fork928
Star10.1k

Commitdc46ff4

authored

fix: ensure websocket close messages are truncated to 123 bytes (#779)

It's possible for websocket close messages to be too long, which causethem to silently fail without a proper close message. See error below:```2022-03-31 17:08:34.862 [INFO](stdlib)<close_notjs.go:72>"2022/03/31 17:08:34 websocket: failed to marshal close frame: reason string max is 123 but got \"insert provisioner daemon:Cannot encode []database.ProvisionerType into oid 19098 - []database.ProvisionerType must implement Encoder or be converted to a string\" with length 161"```

1 parent4601a35 commitdc46ff4Copy full SHA for dc46ff4

File tree

7 files changed

+52

-12

lines changed

7 files changed

+52

-12

lines changed

`‎cli/configssh_test.go`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -4,10 +4,11 @@ import (`
`4`	`4`	`"os"`
`5`	`5`	`"testing"`
`6`	`6`
	`7`	`+"github.com/stretchr/testify/require"`
	`8`	`+`
`7`	`9`	`"github.com/coder/coder/cli/clitest"`
`8`	`10`	`"github.com/coder/coder/coderd/coderdtest"`
`9`	`11`	`"github.com/coder/coder/pty/ptytest"`
`10`		`-"github.com/stretchr/testify/require"`
`11`	`12`	`)`
`12`	`13`
`13`	`14`	`funcTestConfigSSH(t*testing.T) {`

`‎cli/ssh.go`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -13,11 +13,12 @@ import (`
`13`	`13`	`gossh"golang.org/x/crypto/ssh"`
`14`	`14`	`"golang.org/x/xerrors"`
`15`	`15`
	`16`	`+"golang.org/x/crypto/ssh/terminal"`
	`17`	`+`
`16`	`18`	`"github.com/coder/coder/cli/cliflag"`
`17`	`19`	`"github.com/coder/coder/cli/cliui"`
`18`	`20`	`"github.com/coder/coder/coderd/database"`
`19`	`21`	`"github.com/coder/coder/codersdk"`
`20`		`-"golang.org/x/crypto/ssh/terminal"`
`21`	`22`	`)`
`22`	`23`
`23`	`24`	`funcssh()*cobra.Command {`

`‎coderd/httpapi/httpapi.go`

Lines changed: 18 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -115,3 +115,21 @@ func Read(rw http.ResponseWriter, r *http.Request, value interface{}) bool {`
`115`	`115`	`}`
`116`	`116`	`returntrue`
`117`	`117`	`}`
	`118`	`+`
	`119`	`+constwebsocketCloseMaxLen=123`
	`120`	`+`
	`121`	`+// WebsocketCloseSprintf formats a websocket close message and ensures it is`
	`122`	`+// truncated to the maximum allowed length.`
	`123`	`+funcWebsocketCloseSprintf(formatstring,vars...any)string {`
	`124`	`+msg:=fmt.Sprintf(format,vars...)`
	`125`	`+`
	`126`	`+// Cap msg length at 123 bytes. nhooyr/websocket only allows close messages`
	`127`	`+// of this length.`
	`128`	`+iflen(msg)>websocketCloseMaxLen {`
	`129`	`+// Trim the string to 123 bytes. If we accidentally cut in the middle of`
	`130`	`+// a UTF-8 character, remove it from the string.`
	`131`	`+returnstrings.ToValidUTF8(string(msg[123]),"")`
	`132`	`+}`
	`133`	`+`
	`134`	`+returnmsg`
	`135`	`+}`

`‎coderd/httpapi/httpapi_test.go`

Lines changed: 22 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -5,8 +5,10 @@ import (`
`5`	`5`	`"encoding/json"`
`6`	`6`	`"net/http"`
`7`	`7`	`"net/http/httptest"`
	`8`	`+"strings"`
`8`	`9`	`"testing"`
`9`	`10`
	`11`	`+"github.com/stretchr/testify/assert"`
`10`	`12`	`"github.com/stretchr/testify/require"`
`11`	`13`
`12`	`14`	`"github.com/coder/coder/coderd/httpapi"`
`@@ -142,3 +144,23 @@ func TestReadUsername(t *testing.T) {`
`142`	`144`	`})`
`143`	`145`	`}`
`144`	`146`	`}`
	`147`	`+`
	`148`	`+funcWebsocketCloseMsg(t*testing.T) {`
	`149`	`+t.Parallel()`
	`150`	`+`
	`151`	`+t.Run("TruncateSingleByteCharacters",func(t*testing.T) {`
	`152`	`+t.Parallel()`
	`153`	`+`
	`154`	`+msg:=strings.Repeat("d",255)`
	`155`	`+trunc:=httpapi.WebsocketCloseSprintf(msg)`
	`156`	`+assert.LessOrEqual(t,len(trunc),123)`
	`157`	`+})`
	`158`	`+`
	`159`	`+t.Run("TruncateMultiByteCharacters",func(t*testing.T) {`
	`160`	`+t.Parallel()`
	`161`	`+`
	`162`	`+msg:=strings.Repeat("こんにちは",10)`
	`163`	`+trunc:=httpapi.WebsocketCloseSprintf(msg)`
	`164`	`+assert.LessOrEqual(t,len(trunc),123)`
	`165`	`+})`
	`166`	`+}`

`‎coderd/provisionerdaemons.go`

Lines changed: 4 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -56,7 +56,7 @@ func (api api) provisionerDaemonsListen(rw http.ResponseWriter, r http.Request`
`56`	`56`	`Provisioners: []database.ProvisionerType{database.ProvisionerTypeEcho,database.ProvisionerTypeTerraform},`
`57`	`57`	`})`
`58`	`58`	`iferr!=nil {`
`59`		`-_=conn.Close(websocket.StatusInternalError,fmt.Sprintf("insert provisioner daemon:%s",err))`
	`59`	`+_=conn.Close(websocket.StatusInternalError,httpapi.WebsocketCloseSprintf("insert provisioner daemon: %s",err))`
`60`	`60`	`return`
`61`	`61`	`}`
`62`	`62`
`@@ -67,7 +67,7 @@ func (api api) provisionerDaemonsListen(rw http.ResponseWriter, r http.Request`
`67`	`67`	`config.LogOutput=io.Discard`
`68`	`68`	`session,err:=yamux.Server(websocket.NetConn(r.Context(),conn,websocket.MessageBinary),config)`
`69`	`69`	`iferr!=nil {`
`70`		`-_=conn.Close(websocket.StatusInternalError,fmt.Sprintf("multiplex server: %s",err))`
	`70`	`+_=conn.Close(websocket.StatusInternalError,httpapi.WebsocketCloseSprintf("multiplex server: %s",err))`
`71`	`71`	`return`
`72`	`72`	`}`
`73`	`73`	`mux:=drpcmux.New()`
`@@ -80,13 +80,13 @@ func (api api) provisionerDaemonsListen(rw http.ResponseWriter, r http.Request`
`80`	`80`	`Logger:api.Logger.Named(fmt.Sprintf("provisionerd-%s",daemon.Name)),`
`81`	`81`	`})`
`82`	`82`	`iferr!=nil {`
`83`		`-_=conn.Close(websocket.StatusInternalError,fmt.Sprintf("drpc register provisioner daemon: %s",err))`
	`83`	`+_=conn.Close(websocket.StatusInternalError,httpapi.WebsocketCloseSprintf("drpc register provisioner daemon: %s",err))`
`84`	`84`	`return`
`85`	`85`	`}`
`86`	`86`	`server:=drpcserver.New(mux)`
`87`	`87`	`err=server.Serve(r.Context(),session)`
`88`	`88`	`iferr!=nil {`
`89`		`-_=conn.Close(websocket.StatusInternalError,fmt.Sprintf("serve: %s",err))`
	`89`	`+_=conn.Close(websocket.StatusInternalError,httpapi.WebsocketCloseSprintf("serve: %s",err))`
`90`	`90`	`return`
`91`	`91`	`}`
`92`	`92`	`_=conn.Close(websocket.StatusGoingAway,"")`

`‎coderd/workspaceresources.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -108,7 +108,7 @@ func (api api) workspaceResourceDial(rw http.ResponseWriter, r http.Request) {`
`108`	`108`	`Pubsub:api.Pubsub,`
`109`	`109`	`})`
`110`	`110`	`iferr!=nil {`
`111`		`-_=conn.Close(websocket.StatusInternalError,fmt.Sprintf("serve: %s",err))`
	`111`	`+_=conn.Close(websocket.StatusInternalError,httpapi.WebsocketCloseSprintf("serve: %s",err))`
`112`	`112`	`return`
`113`	`113`	`}`
`114`	`114`	`}`

`‎provisioner/terraform/serve.go`

Lines changed: 3 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -4,16 +4,14 @@ import (`
`4`	`4`	`"context"`
`5`	`5`	`"path/filepath"`
`6`	`6`
	`7`	`+"github.com/cli/safeexec"`
`7`	`8`	`"github.com/hashicorp/go-version"`
	`9`	`+"github.com/hashicorp/hc-install/product"`
	`10`	`+"github.com/hashicorp/hc-install/releases"`
`8`	`11`	`"golang.org/x/xerrors"`
`9`	`12`
`10`	`13`	`"cdr.dev/slog"`
`11`		`-`
`12`		`-"github.com/cli/safeexec"`
`13`	`14`	`"github.com/coder/coder/provisionersdk"`
`14`		`-`
`15`		`-"github.com/hashicorp/hc-install/product"`
`16`		`-"github.com/hashicorp/hc-install/releases"`
`17`	`15`	`)`
`18`	`16`
`19`	`17`	`var (`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitdc46ff4

File tree

7 files changed

7 files changed

`‎cli/configssh_test.go`

`‎cli/ssh.go`

`‎coderd/httpapi/httpapi.go`

`‎coderd/httpapi/httpapi_test.go`

`‎coderd/provisionerdaemons.go`

`‎coderd/workspaceresources.go`

`‎provisioner/terraform/serve.go`

0 commit comments