diff options
author | teravus | 2013-10-04 20:37:59 -0500 |
---|---|---|
committer | teravus | 2013-10-04 20:37:59 -0500 |
commit | 85593d8d25205344d512cbc976aa890a51f5f974 (patch) | |
tree | a81111b0deb8949386b62737a0211ffb0ee234d3 /OpenSim | |
parent | Added SimulatorFeatures/OpenSimExtras: say-range, whisper-range, shout-range,... (diff) | |
download | opensim-SC_OLD-85593d8d25205344d512cbc976aa890a51f5f974.zip opensim-SC_OLD-85593d8d25205344d512cbc976aa890a51f5f974.tar.gz opensim-SC_OLD-85593d8d25205344d512cbc976aa890a51f5f974.tar.bz2 opensim-SC_OLD-85593d8d25205344d512cbc976aa890a51f5f974.tar.xz |
* Add an initial complete frame timeout to the WebSocket processor to make it easier to write WebSocket service code that is resistant to Denial of Service attacks.
Diffstat (limited to 'OpenSim')
-rw-r--r-- | OpenSim/Framework/Servers/HttpServer/WebsocketServerHandler.cs | 67 |
1 files changed, 65 insertions, 2 deletions
diff --git a/OpenSim/Framework/Servers/HttpServer/WebsocketServerHandler.cs b/OpenSim/Framework/Servers/HttpServer/WebsocketServerHandler.cs index de89e2e..c2925e3 100644 --- a/OpenSim/Framework/Servers/HttpServer/WebsocketServerHandler.cs +++ b/OpenSim/Framework/Servers/HttpServer/WebsocketServerHandler.cs | |||
@@ -28,8 +28,10 @@ | |||
28 | using System; | 28 | using System; |
29 | using System.Collections.Generic; | 29 | using System.Collections.Generic; |
30 | using System.IO; | 30 | using System.IO; |
31 | using System.Net; | ||
31 | using System.Security.Cryptography; | 32 | using System.Security.Cryptography; |
32 | using System.Text; | 33 | using System.Text; |
34 | using System.Threading; | ||
33 | using HttpServer; | 35 | using HttpServer; |
34 | 36 | ||
35 | namespace OpenSim.Framework.Servers.HttpServer | 37 | namespace OpenSim.Framework.Servers.HttpServer |
@@ -98,6 +100,8 @@ namespace OpenSim.Framework.Servers.HttpServer | |||
98 | /// </summary> | 100 | /// </summary> |
99 | public ValidateHandshake HandshakeValidateMethodOverride = null; | 101 | public ValidateHandshake HandshakeValidateMethodOverride = null; |
100 | 102 | ||
103 | private ManualResetEvent _receiveDone = new ManualResetEvent(false); | ||
104 | |||
101 | private OSHttpRequest _request; | 105 | private OSHttpRequest _request; |
102 | private HTTPNetworkContext _networkContext; | 106 | private HTTPNetworkContext _networkContext; |
103 | private IHttpClientContext _clientContext; | 107 | private IHttpClientContext _clientContext; |
@@ -109,6 +113,8 @@ namespace OpenSim.Framework.Servers.HttpServer | |||
109 | private bool _closing; | 113 | private bool _closing; |
110 | private bool _upgraded; | 114 | private bool _upgraded; |
111 | private int _maxPayloadBytes = 41943040; | 115 | private int _maxPayloadBytes = 41943040; |
116 | private int _initialMsgTimeout = 0; | ||
117 | private int _defaultReadTimeout = 10000; | ||
112 | 118 | ||
113 | private const string HandshakeAcceptText = | 119 | private const string HandshakeAcceptText = |
114 | "HTTP/1.1 101 Switching Protocols\r\n" + | 120 | "HTTP/1.1 101 Switching Protocols\r\n" + |
@@ -131,6 +137,7 @@ namespace OpenSim.Framework.Servers.HttpServer | |||
131 | { | 137 | { |
132 | _request = preq; | 138 | _request = preq; |
133 | _networkContext = pContext.GiveMeTheNetworkStreamIKnowWhatImDoing(); | 139 | _networkContext = pContext.GiveMeTheNetworkStreamIKnowWhatImDoing(); |
140 | _networkContext.Stream.ReadTimeout = _defaultReadTimeout; | ||
134 | _clientContext = pContext; | 141 | _clientContext = pContext; |
135 | _bufferLength = bufferlen; | 142 | _bufferLength = bufferlen; |
136 | _buffer = new byte[_bufferLength]; | 143 | _buffer = new byte[_bufferLength]; |
@@ -206,6 +213,16 @@ namespace OpenSim.Framework.Servers.HttpServer | |||
206 | } | 213 | } |
207 | 214 | ||
208 | /// <summary> | 215 | /// <summary> |
216 | /// Set this to the maximum amount of milliseconds to wait for the first complete message to be sent or received on the websocket after upgrading | ||
217 | /// Default, it waits forever. Use this when your Websocket consuming code opens a connection and waits for a message from the other side to avoid a Denial of Service vector. | ||
218 | /// </summary> | ||
219 | public int InitialMsgTimeout | ||
220 | { | ||
221 | get { return _initialMsgTimeout; } | ||
222 | set { _initialMsgTimeout = value; } | ||
223 | } | ||
224 | |||
225 | /// <summary> | ||
209 | /// This triggers the websocket start the upgrade process | 226 | /// This triggers the websocket start the upgrade process |
210 | /// </summary> | 227 | /// </summary> |
211 | public void HandshakeAndUpgrade() | 228 | public void HandshakeAndUpgrade() |
@@ -245,6 +262,7 @@ namespace OpenSim.Framework.Servers.HttpServer | |||
245 | string rawaccept = string.Format(HandshakeAcceptText, acceptKey); | 262 | string rawaccept = string.Format(HandshakeAcceptText, acceptKey); |
246 | SendUpgradeSuccess(rawaccept); | 263 | SendUpgradeSuccess(rawaccept); |
247 | 264 | ||
265 | |||
248 | } | 266 | } |
249 | else | 267 | else |
250 | { | 268 | { |
@@ -258,6 +276,10 @@ namespace OpenSim.Framework.Servers.HttpServer | |||
258 | SendUpgradeSuccess(rawaccept); | 276 | SendUpgradeSuccess(rawaccept); |
259 | } | 277 | } |
260 | } | 278 | } |
279 | public IPEndPoint GetRemoteIPEndpoint() | ||
280 | { | ||
281 | return _request.RemoteIPEndPoint; | ||
282 | } | ||
261 | 283 | ||
262 | /// <summary> | 284 | /// <summary> |
263 | /// Generates a handshake response key string based on the client's | 285 | /// Generates a handshake response key string based on the client's |
@@ -290,9 +312,16 @@ namespace OpenSim.Framework.Servers.HttpServer | |||
290 | WebSocketState socketState = new WebSocketState() { ReceivedBytes = new List<byte>(), Header = WebsocketFrameHeader.HeaderDefault(), FrameComplete = true}; | 312 | WebSocketState socketState = new WebSocketState() { ReceivedBytes = new List<byte>(), Header = WebsocketFrameHeader.HeaderDefault(), FrameComplete = true}; |
291 | 313 | ||
292 | byte[] bhandshakeResponse = Encoding.UTF8.GetBytes(pHandshakeResponse); | 314 | byte[] bhandshakeResponse = Encoding.UTF8.GetBytes(pHandshakeResponse); |
315 | |||
316 | |||
317 | |||
318 | |||
293 | try | 319 | try |
294 | { | 320 | { |
295 | 321 | if (_initialMsgTimeout > 0) | |
322 | { | ||
323 | _receiveDone.Reset(); | ||
324 | } | ||
296 | // Begin reading the TCP stream before writing the Upgrade success message to the other side of the stream. | 325 | // Begin reading the TCP stream before writing the Upgrade success message to the other side of the stream. |
297 | _networkContext.Stream.BeginRead(_buffer, 0, _bufferLength, OnReceive, socketState); | 326 | _networkContext.Stream.BeginRead(_buffer, 0, _bufferLength, OnReceive, socketState); |
298 | 327 | ||
@@ -303,6 +332,11 @@ namespace OpenSim.Framework.Servers.HttpServer | |||
303 | UpgradeCompletedDelegate d = OnUpgradeCompleted; | 332 | UpgradeCompletedDelegate d = OnUpgradeCompleted; |
304 | if (d != null) | 333 | if (d != null) |
305 | d(this, new UpgradeCompletedEventArgs()); | 334 | d(this, new UpgradeCompletedEventArgs()); |
335 | if (_initialMsgTimeout > 0) | ||
336 | { | ||
337 | if (!_receiveDone.WaitOne(TimeSpan.FromMilliseconds(_initialMsgTimeout))) | ||
338 | Close(string.Empty); | ||
339 | } | ||
306 | } | 340 | } |
307 | catch (IOException) | 341 | catch (IOException) |
308 | { | 342 | { |
@@ -489,6 +523,11 @@ namespace OpenSim.Framework.Servers.HttpServer | |||
489 | /// <param name="message">the string message that is to be sent</param> | 523 | /// <param name="message">the string message that is to be sent</param> |
490 | public void SendMessage(string message) | 524 | public void SendMessage(string message) |
491 | { | 525 | { |
526 | if (_initialMsgTimeout > 0) | ||
527 | { | ||
528 | _receiveDone.Set(); | ||
529 | _initialMsgTimeout = 0; | ||
530 | } | ||
492 | byte[] messagedata = Encoding.UTF8.GetBytes(message); | 531 | byte[] messagedata = Encoding.UTF8.GetBytes(message); |
493 | WebSocketFrame textMessageFrame = new WebSocketFrame() { Header = WebsocketFrameHeader.HeaderDefault(), WebSocketPayload = messagedata }; | 532 | WebSocketFrame textMessageFrame = new WebSocketFrame() { Header = WebsocketFrameHeader.HeaderDefault(), WebSocketPayload = messagedata }; |
494 | textMessageFrame.Header.Opcode = WebSocketReader.OpCode.Text; | 533 | textMessageFrame.Header.Opcode = WebSocketReader.OpCode.Text; |
@@ -499,6 +538,11 @@ namespace OpenSim.Framework.Servers.HttpServer | |||
499 | 538 | ||
500 | public void SendData(byte[] data) | 539 | public void SendData(byte[] data) |
501 | { | 540 | { |
541 | if (_initialMsgTimeout > 0) | ||
542 | { | ||
543 | _receiveDone.Set(); | ||
544 | _initialMsgTimeout = 0; | ||
545 | } | ||
502 | WebSocketFrame dataMessageFrame = new WebSocketFrame() { Header = WebsocketFrameHeader.HeaderDefault(), WebSocketPayload = data}; | 546 | WebSocketFrame dataMessageFrame = new WebSocketFrame() { Header = WebsocketFrameHeader.HeaderDefault(), WebSocketPayload = data}; |
503 | dataMessageFrame.Header.IsEnd = true; | 547 | dataMessageFrame.Header.IsEnd = true; |
504 | dataMessageFrame.Header.Opcode = WebSocketReader.OpCode.Binary; | 548 | dataMessageFrame.Header.Opcode = WebSocketReader.OpCode.Binary; |
@@ -531,6 +575,11 @@ namespace OpenSim.Framework.Servers.HttpServer | |||
531 | /// </summary> | 575 | /// </summary> |
532 | public void SendPingCheck() | 576 | public void SendPingCheck() |
533 | { | 577 | { |
578 | if (_initialMsgTimeout > 0) | ||
579 | { | ||
580 | _receiveDone.Set(); | ||
581 | _initialMsgTimeout = 0; | ||
582 | } | ||
534 | WebSocketFrame pingFrame = new WebSocketFrame() { Header = WebsocketFrameHeader.HeaderDefault(), WebSocketPayload = new byte[0] }; | 583 | WebSocketFrame pingFrame = new WebSocketFrame() { Header = WebsocketFrameHeader.HeaderDefault(), WebSocketPayload = new byte[0] }; |
535 | pingFrame.Header.Opcode = WebSocketReader.OpCode.Ping; | 584 | pingFrame.Header.Opcode = WebSocketReader.OpCode.Ping; |
536 | pingFrame.Header.IsEnd = true; | 585 | pingFrame.Header.IsEnd = true; |
@@ -544,6 +593,11 @@ namespace OpenSim.Framework.Servers.HttpServer | |||
544 | /// <param name="message"></param> | 593 | /// <param name="message"></param> |
545 | public void Close(string message) | 594 | public void Close(string message) |
546 | { | 595 | { |
596 | if (_initialMsgTimeout > 0) | ||
597 | { | ||
598 | _receiveDone.Set(); | ||
599 | _initialMsgTimeout = 0; | ||
600 | } | ||
547 | if (_networkContext == null) | 601 | if (_networkContext == null) |
548 | return; | 602 | return; |
549 | if (_networkContext.Stream != null) | 603 | if (_networkContext.Stream != null) |
@@ -583,7 +637,11 @@ namespace OpenSim.Framework.Servers.HttpServer | |||
583 | WebSocketReader.Mask(psocketState.Header.Mask, unmask); | 637 | WebSocketReader.Mask(psocketState.Header.Mask, unmask); |
584 | psocketState.ReceivedBytes = new List<byte>(unmask); | 638 | psocketState.ReceivedBytes = new List<byte>(unmask); |
585 | } | 639 | } |
586 | 640 | if (psocketState.Header.Opcode != WebSocketReader.OpCode.Continue && _initialMsgTimeout > 0) | |
641 | { | ||
642 | _receiveDone.Set(); | ||
643 | _initialMsgTimeout = 0; | ||
644 | } | ||
587 | switch (psocketState.Header.Opcode) | 645 | switch (psocketState.Header.Opcode) |
588 | { | 646 | { |
589 | case WebSocketReader.OpCode.Ping: | 647 | case WebSocketReader.OpCode.Ping: |
@@ -696,6 +754,11 @@ namespace OpenSim.Framework.Servers.HttpServer | |||
696 | } | 754 | } |
697 | public void Dispose() | 755 | public void Dispose() |
698 | { | 756 | { |
757 | if (_initialMsgTimeout > 0) | ||
758 | { | ||
759 | _receiveDone.Set(); | ||
760 | _initialMsgTimeout = 0; | ||
761 | } | ||
699 | if (_networkContext != null && _networkContext.Stream != null) | 762 | if (_networkContext != null && _networkContext.Stream != null) |
700 | { | 763 | { |
701 | if (_networkContext.Stream.CanWrite) | 764 | if (_networkContext.Stream.CanWrite) |