Skip to content

websocket: don't use pooled buffer in mask pool #3357

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Jun 23, 2024
Merged

websocket: don't use pooled buffer in mask pool #3357

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
97b5ba2
websocket: don't use pooled buffer in mask pool
tsctx Jun 22, 2024
abc6323
add test
tsctx Jun 22, 2024
cae53bc
fixup
tsctx Jun 22, 2024
071528e
fixup
tsctx Jun 22, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion lib/web/websocket/frame.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ try {
function generateMask () {
if (bufIdx === BUFFER_SIZE) {
bufIdx = 0
crypto.randomFillSync((buffer ??= Buffer.allocUnsafe(BUFFER_SIZE)), 0, BUFFER_SIZE)
crypto.randomFillSync((buffer ??= Buffer.allocUnsafeSlow(BUFFER_SIZE)), 0, BUFFER_SIZE)
Copy link
Member Author

@tsctx tsctx Jun 22, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No problem, but with the current code, I have some concerns.

Copy link
Member

@mcollina mcollina Jun 22, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't see them, unless we acess buffer.buffer anywhere

Copy link
Member Author

@tsctx tsctx Jun 22, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If they access it, they can rewrite the mask, right?

Copy link
Member Author

@tsctx tsctx Jun 22, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

example:

import { WebSocket } from './index.js'

Buffer.poolSize = 16386 * 4

// any echo server url
const u = new WebSocket('ws://localhost:3000')

u.onmessage = (data) => {
  // The mask can be rewritten here.
  new Uint8Array(Buffer.allocUnsafe(1).buffer).fill(0)
  u.send('Hi')
}
u.onopen = () => {
  u.send('Hi')
}

}
return [buffer[bufIdx++], buffer[bufIdx++], buffer[bufIdx++], buffer[bufIdx++]]
}
Expand Down
17 changes: 17 additions & 0 deletions test/websocket/frame.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,23 @@ const assert = require('node:assert')
const { WebsocketFrameSend } = require('../../lib/web/websocket/frame')
const { opcodes } = require('../../lib/web/websocket/constants')

// Always be above all tests.
test('Don not use pooled buffer in mask pool', () => {
const allocUnsafe = Buffer.allocUnsafe
let counter = 0
try {
Buffer.allocUnsafe = (n) => {
counter++
return allocUnsafe(n)
}
// create mask pool
new WebsocketFrameSend(Buffer.alloc(0)).createFrame(opcodes.BINARY)
assert.strictEqual(counter, 1)
} finally {
Buffer.allocUnsafe = allocUnsafe
}
})

test('Writing 16-bit frame length value at correct offset when buffer has a non-zero byteOffset', () => {
/*
When writing 16-bit frame lengths, a `DataView` was being used without setting a `byteOffset` into the buffer:
Expand Down