
Commit dc46ff4

authored
fix: ensure websocket close messages are truncated to 123 bytes (#779)
It's possible for websocket close messages to be too long, which causes them to silently fail without a proper close message. See the error below: ``` 2022-03-31 17:08:34.862 [INFO] (stdlib) <close_notjs.go:72> "2022/03/31 17:08:34 websocket: failed to marshal close frame: reason string max is 123 but got \"insert provisioner daemon:Cannot encode []database.ProvisionerType into oid 19098 - []database.ProvisionerType must implement Encoder or be converted to a string\" with length 161" ```
1 parent 4601a35 commit dc46ff4


7 files changed

+52
-12
lines changed


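--- a/cli/configssh_test.go
+++ b/cli/configssh_test.go
@@ -4,10 +4,11 @@ import (
 "os"
 "testing"
 
+"github.com/stretchr/testify/require"
+
 "github.com/coder/coder/cli/clitest"
 "github.com/coder/coder/coderd/coderdtest"
 "github.com/coder/coder/pty/ptytest"
-"github.com/stretchr/testify/require"
 )
 
 func TestConfigSSH(t *testing.T) {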

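--- a/cli/ssh.go
+++ b/cli/ssh.go
@@ -13,11 +13,12 @@ import (
 gossh "golang.org/x/crypto/ssh"
 "golang.org/x/xerrors"
 
+"golang.org/x/crypto/ssh/terminal"
+
 "github.com/coder/coder/cli/cliflag"
 "github.com/coder/coder/cli/cliui"
 "github.com/coder/coder/coderd/database"
 "github.com/coder/coder/codersdk"
-"golang.org/x/crypto/ssh/terminal"
 )
 
 func ssh() *cobra.Command {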

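--- a/coderd/httpapi/httpapi.go
+++ b/coderd/httpapi/httpapi.go
@@ -115,3 +115,21 @@ func Read(rw http.ResponseWriter, r *http.Request, value interface{}) bool {
 }
 return true
 }
+
+const websocketCloseMaxLen = 123
+
+// WebsocketCloseSprintf formats a websocket close message and ensures it is
+// truncated to the maximum allowed length.
+func WebsocketCloseSprintf(format string, vars ...any) string {
+msg := fmt.Sprintf(format, vars...)
+
+// Cap msg length at 123 bytes. nhooyr/websocket only allows close messages
+// of this length.
+if len(msg) > websocketCloseMaxLen {
+// Trim the string to 123 bytes. If we accidentally cut in the middle of
+// a UTF-8 character, remove it from the string.
+return strings.ToValidUTF8(string(msg[123]), "")
+}
+
+return msg
+}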
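Review bot: The truncation branch of `WebsocketCloseSprintf` indexes where it should slice: `msg[123]` is the single byte at offset 123, so `string(msg[123])` is a one-character string and every over-long close reason is replaced by that one character instead of its first 123 bytes. The peer then receives a close frame that marshals but carries no usable diagnostic, which is the failure this commit set out to remove. Slice with the constant instead, `return strings.ToValidUTF8(msg[:websocketCloseMaxLen], "")`, which also removes the repeated literal 123. The import block of httpapi.go is outside this hunk, so whether `strings` is already imported there cannot be confirmed from the page.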

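--- a/coderd/httpapi/httpapi_test.go
+++ b/coderd/httpapi/httpapi_test.go
@@ -5,8 +5,10 @@ import (
 "encoding/json"
 "net/http"
 "net/http/httptest"
+"strings"
 "testing"
 
+"github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
 
 "github.com/coder/coder/coderd/httpapi"
@@ -142,3 +144,23 @@ func TestReadUsername(t *testing.T) {
 })
 }
 }
+
+func WebsocketCloseMsg(t *testing.T) {
+t.Parallel()
+
+t.Run("TruncateSingleByteCharacters", func(t *testing.T) {
+t.Parallel()
+
+msg := strings.Repeat("d", 255)
+trunc := httpapi.WebsocketCloseSprintf(msg)
+assert.LessOrEqual(t, len(trunc), 123)
+})
+
+t.Run("TruncateMultiByteCharacters", func(t *testing.T) {
+t.Parallel()
+
+msg := strings.Repeat("こんにちは", 10)
+trunc := httpapi.WebsocketCloseSprintf(msg)
+assert.LessOrEqual(t, len(trunc), 123)
+})
+}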
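Review bot: `WebsocketCloseMsg` has no `Test` prefix, so `go test` never runs it, and both subtests assert only `len(trunc) <= 123`, which a one-character result also satisfies. Rename it to `func TestWebsocketCloseSprintf(t *testing.T)` and pin the content as well, for example `assert.Equal(t, msg[:123], trunc)` in the single-byte case. The multi-byte input is made of 3-byte characters and 123 is a multiple of 3, so the cut always lands on a character boundary and the invalid-UTF-8 path is never exercised. Prefixing that input with one ASCII byte and adding `assert.True(t, utf8.ValidString(trunc))` (needs `unicode/utf8` in the import block) would cover it. Passing the input as `WebsocketCloseSprintf("%s", msg)` also keeps test data out of the format string.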

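--- a/coderd/provisionerdaemons.go
+++ b/coderd/provisionerdaemons.go
@@ -56,7 +56,7 @@ func (api *api) provisionerDaemonsListen(rw http.ResponseWriter, r *http.Request
 Provisioners: []database.ProvisionerType{database.ProvisionerTypeEcho, database.ProvisionerTypeTerraform},
 })
 if err != nil {
-_ = conn.Close(websocket.StatusInternalError, fmt.Sprintf("insert provisioner daemon:% s", err))
+_ = conn.Close(websocket.StatusInternalError, httpapi.WebsocketCloseSprintf("insert provisioner daemon: %s", err))
 return
 }
 
@@ -67,7 +67,7 @@ func (api *api) provisionerDaemonsListen(rw http.ResponseWriter, r *http.Request
 config.LogOutput = io.Discard
 session, err := yamux.Server(websocket.NetConn(r.Context(), conn, websocket.MessageBinary), config)
 if err != nil {
-_ = conn.Close(websocket.StatusInternalError, fmt.Sprintf("multiplex server: %s", err))
+_ = conn.Close(websocket.StatusInternalError, httpapi.WebsocketCloseSprintf("multiplex server: %s", err))
 return
 }
 mux := drpcmux.New()
@@ -80,13 +80,13 @@ func (api *api) provisionerDaemonsListen(rw http.ResponseWriter, r *http.Request
 Logger: api.Logger.Named(fmt.Sprintf("provisionerd-%s", daemon.Name)),
 })
 if err != nil {
-_ = conn.Close(websocket.StatusInternalError, fmt.Sprintf("drpc register provisioner daemon: %s", err))
+_ = conn.Close(websocket.StatusInternalError, httpapi.WebsocketCloseSprintf("drpc register provisioner daemon: %s", err))
 return
 }
 server := drpcserver.New(mux)
 err = server.Serve(r.Context(), session)
 if err != nil {
-_ = conn.Close(websocket.StatusInternalError, fmt.Sprintf("serve: %s", err))
+_ = conn.Close(websocket.StatusInternalError, httpapi.WebsocketCloseSprintf("serve: %s", err))
 return
 }
 _ = conn.Close(websocket.StatusGoingAway, "")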
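Review bot: Every rewritten `conn.Close` call still sends the raw `err` text to the websocket peer as the close reason and discards the result with `_ =`, and nothing visible in these hunks records the error on the server. The example in the commit description shows such a reason carrying database internals, and once the reason is truncated the remainder is not kept anywhere. I would log the full error through `api.Logger` before closing and send the peer a short fixed reason such as `"internal error"`, keeping the detail server-side. The same applies to the `conn.Close` call changed in coderd/workspaceresources.go. `provisionerDaemonsListen` begins and ends outside these hunks, so earlier logging cannot be ruled out.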

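--- a/coderd/workspaceresources.go
+++ b/coderd/workspaceresources.go
@@ -108,7 +108,7 @@ func (api *api) workspaceResourceDial(rw http.ResponseWriter, r *http.Request) {
 Pubsub: api.Pubsub,
 })
 if err != nil {
-_ = conn.Close(websocket.StatusInternalError, fmt.Sprintf("serve: %s", err))
+_ = conn.Close(websocket.StatusInternalError, httpapi.WebsocketCloseSprintf("serve: %s", err))
 return
 }
 }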

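--- a/provisioner/terraform/serve.go
+++ b/provisioner/terraform/serve.go
@@ -4,16 +4,14 @@ import (
 "context"
 "path/filepath"
 
+"github.com/cli/safeexec"
 "github.com/hashicorp/go-version"
+"github.com/hashicorp/hc-install/product"
+"github.com/hashicorp/hc-install/releases"
 "golang.org/x/xerrors"
 
 "cdr.dev/slog"
-
-"github.com/cli/safeexec"
 "github.com/coder/coder/provisionersdk"
-
-"github.com/hashicorp/hc-install/product"
-"github.com/hashicorp/hc-install/releases"
 )
 
 var (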
