introduce-k-switch-defeat-masking.patch
Signed-off-by: Andy Green <andy@warmcat.com>
diff --git a/lib/libwebsockets.c b/lib/libwebsockets.c
index 403a7f6..c88715e 100644
--- a/lib/libwebsockets.c
+++ b/lib/libwebsockets.c
@@ -635,7 +635,7 @@
struct libwebsocket_protocols *protocols,
const char *ssl_cert_filepath,
const char *ssl_private_key_filepath,
- int gid, int uid)
+ int gid, int uid, unsigned int options)
{
int n;
int sockfd = 0;
@@ -662,6 +662,7 @@
this->listen_port = port;
this->http_proxy_port = 0;
this->http_proxy_address[0] = '\0';
+ this->options = options;
/* find canonical hostname */
diff --git a/lib/libwebsockets.h b/lib/libwebsockets.h
index 5700a04..e579303 100644
--- a/lib/libwebsockets.h
+++ b/lib/libwebsockets.h
@@ -24,6 +24,8 @@
#define CONTEXT_PORT_NO_LISTEN 0
+#define LWS_SERVER_OPTION_DEFEAT_CLIENT_MASK 1
+
enum libwebsocket_callback_reasons {
LWS_CALLBACK_ESTABLISHED,
LWS_CALLBACK_CLIENT_ESTABLISHED,
@@ -174,7 +176,8 @@
libwebsocket_create_context(int port,
struct libwebsocket_protocols *protocols,
const char *ssl_cert_filepath,
- const char *ssl_private_key_filepath, int gid, int uid);
+ const char *ssl_private_key_filepath, int gid, int uid,
+ unsigned int options);
extern void
libwebsocket_context_destroy(struct libwebsocket_context *this);
diff --git a/lib/parsers.c b/lib/parsers.c
index a97e75a..b1c45a0 100644
--- a/lib/parsers.c
+++ b/lib/parsers.c
@@ -223,6 +223,10 @@
static inline unsigned char
xor_mask(struct libwebsocket *wsi, unsigned char c)
{
+ if (wsi->protocol->owning_server->options &
+ LWS_SERVER_OPTION_DEFEAT_CLIENT_MASK)
+ return c;
+
c ^= wsi->masking_key_04[wsi->frame_mask_index++];
if (wsi->frame_mask_index == 20)
wsi->frame_mask_index = 0;
@@ -267,6 +271,10 @@
case LWS_RXPS_04_MASK_NONCE_3:
wsi->frame_masking_nonce_04[3] = c;
+ if (wsi->protocol->owning_server->options &
+ LWS_SERVER_OPTION_DEFEAT_CLIENT_MASK)
+ goto post_mask;
+
/*
* we are able to compute the frame key now
* it's a SHA1 of ( frame nonce we were just sent, concatenated
@@ -296,6 +304,7 @@
wsi->frame_mask_index = 0;
+post_mask:
wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_1;
break;
diff --git a/lib/private-libwebsockets.h b/lib/private-libwebsockets.h
index 6a5df59..c2010f9 100644
--- a/lib/private-libwebsockets.h
+++ b/lib/private-libwebsockets.h
@@ -172,6 +172,7 @@
char http_proxy_address[256];
char canonical_hostname[1024];
unsigned int http_proxy_port;
+ unsigned int options;
#ifdef LWS_OPENSSL_SUPPORT
int use_ssl;
SSL_CTX *ssl_ctx;
diff --git a/libwebsockets-api-doc.html b/libwebsockets-api-doc.html
index f3ee10e..b98904f 100644
--- a/libwebsockets-api-doc.html
+++ b/libwebsockets-api-doc.html
@@ -137,7 +137,8 @@
<i>const char *</i> <b>ssl_cert_filepath</b>,
<i>const char *</i> <b>ssl_private_key_filepath</b>,
<i>int</i> <b>gid</b>,
-<i>int</i> <b>uid</b>)
+<i>int</i> <b>uid</b>,
+<i>unsigned int</i> <b>options</b>)
<h3>Arguments</h3>
<dl>
<dt><b>port</b>
diff --git a/test-server/test-client.c b/test-server/test-client.c
index b503343..ada5a0e 100644
--- a/test-server/test-client.c
+++ b/test-server/test-client.c
@@ -203,7 +203,7 @@
*/
context = libwebsocket_create_context(CONTEXT_PORT_NO_LISTEN,
- protocols, NULL, NULL, -1, -1);
+ protocols, NULL, NULL, -1, -1, 0);
if (context == NULL) {
fprintf(stderr, "Creating libwebsocket context failed\n");
return 1;
diff --git a/test-server/test-ping.c b/test-server/test-ping.c
index b2a8684..e1cb0ad 100644
--- a/test-server/test-ping.c
+++ b/test-server/test-ping.c
@@ -56,6 +56,7 @@
static unsigned long started;
static int screen_width = 80;
static int use_mirror;
+static unsigned int write_options;
static unsigned long rtt_min = 100000000;
static unsigned long rtt_max;
@@ -232,11 +233,11 @@
if (use_mirror)
libwebsocket_write(wsi,
&pingbuf[LWS_SEND_BUFFER_PRE_PADDING],
- size, LWS_WRITE_BINARY);
+ size, write_options | LWS_WRITE_BINARY);
else
libwebsocket_write(wsi,
&pingbuf[LWS_SEND_BUFFER_PRE_PADDING],
- size, LWS_WRITE_PING);
+ size, write_options | LWS_WRITE_PING);
if (flood &&
(psd->ping_index - psd->rx_count) < (screen_width - 1))
@@ -275,6 +276,7 @@
{ "flood", no_argument, NULL, 'f' },
{ "mirror", no_argument, NULL, 'm' },
{ "replicate", required_argument, NULL, 'r' },
+ { "killmask", no_argument, NULL, 'k' },
{ NULL, 0, 0, 0 }
};
@@ -316,7 +318,7 @@
optind++;
while (n >= 0) {
- n = getopt_long(argc, argv, "r:hmfts:n:i:p:", options, NULL);
+ n = getopt_long(argc, argv, "kr:hmfts:n:i:p:", options, NULL);
if (n < 0)
continue;
switch (n) {
@@ -351,6 +353,10 @@
return 1;
}
break;
+ case 'k':
+ write_options = LWS_WRITE_CLIENT_IGNORE_XOR_MASK;
+ break;
+
case 'h':
goto usage;
}
@@ -377,7 +383,7 @@
screen_width = w.ws_col;
context = libwebsocket_create_context(CONTEXT_PORT_NO_LISTEN,
- protocols, NULL, NULL, -1, -1);
+ protocols, NULL, NULL, -1, -1, 0);
if (context == NULL) {
fprintf(stderr, "Creating libwebsocket context failed\n");
return 1;
@@ -454,7 +460,8 @@
if (!interrupted_time) {
if ((l - oldus) > interval_us) {
for (n = 0; n < clients; n++)
- libwebsocket_callback_on_writable(wsi[n]);
+ libwebsocket_callback_on_writable(
+ wsi[n]);
oldus = l;
}
} else
diff --git a/test-server/test-server.c b/test-server/test-server.c
index 4f4512f..4422d82 100644
--- a/test-server/test-server.c
+++ b/test-server/test-server.c
@@ -278,6 +278,7 @@
{ "help", no_argument, NULL, 'h' },
{ "port", required_argument, NULL, 'p' },
{ "ssl", no_argument, NULL, 's' },
+ { "killmask", no_argument, NULL, 'k' },
{ NULL, 0, 0, 0 }
};
@@ -293,6 +294,7 @@
int port = 7681;
int use_ssl = 0;
struct libwebsocket_context *context;
+ int opts = 0;
#ifdef LWS_NO_FORK
unsigned int oldus = 0;
#endif
@@ -302,13 +304,16 @@
"licensed under LGPL2.1\n");
while (n >= 0) {
- n = getopt_long(argc, argv, "hsp:", options, NULL);
+ n = getopt_long(argc, argv, "khsp:", options, NULL);
if (n < 0)
continue;
switch (n) {
case 's':
use_ssl = 1;
break;
+ case 'k':
+ opts = LWS_SERVER_OPTION_DEFEAT_CLIENT_MASK;
+ break;
case 'p':
port = atoi(optarg);
break;
@@ -323,7 +328,7 @@
cert_path = key_path = NULL;
context = libwebsocket_create_context(port, protocols, cert_path,
- key_path, -1, -1);
+ key_path, -1, -1, opts);
if (context == NULL) {
fprintf(stderr, "libwebsocket init failed\n");
return -1;