novncproxy accepts un-masked client websocket frames

Bug #1278342 reported by Bernhard M. Wiedemann
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
OpenStack Compute (nova) | Expired | Undecided | Unassigned |

Bug Description

Using Havana nova with python-websockify-0.5.1, I found that the server is not picky enough.
It accepts WebSocket frames with the masked bit unset, though the relevant standard
https://tools.ietf.org/html/rfc6455#section-5.1
says:
"The server MUST close the connection upon receiving a frame that is not masked."

For testing this behaviour, you can use my code without this fix
https://github.com/bmwiedemann/connectionproxy/commit/1ece2024090cfbacc003f66c036c2fe550fd488a

It is used like this:

git clone https://github.com/bmwiedemann/connectionproxy.git
$INSTALL perl-Protocol-WebSocket
nova get-vnc-console $YOURINSTANCE novnc
perl wsconnectionproxy.pl --port 5942 --to 'http://cloud.example.com:6080/vnc_auto.html?token=xxx'
gvncviewer localhost:42

Tags: console
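
The server-side check that RFC 6455 section 5.1 asks for, as an added example that is not part of the bug report and is not websockify's or nova's code. The function names and the two sample frames are constructed for illustration, and the Close frame with status 1002 is the optional reply the RFC permits before the connection is closed.

```python
import struct

CLOSE_PROTOCOL_ERROR = 1002  # RFC 6455 section 7.4.1

# Constructed sample frames: the text "Hello" as a single text frame.
MASKED_HELLO = bytes.fromhex("818537fa213d7f9f4d5158")  # MASK bit set
UNMASKED_HELLO = bytes.fromhex("810548656c6c6f")        # MASK bit clear


class UnmaskedClientFrame(Exception):
    """A client-to-server frame arrived with the MASK bit clear."""


def decode_client_frame(buf):
    """Decode one complete client frame; return (fin, opcode, payload)."""
    if len(buf) < 2:
        raise ValueError("short header")
    fin, opcode = bool(buf[0] & 0x80), buf[0] & 0x0F
    # Section 5.1: reject before trusting any other field of the frame.
    if not buf[1] & 0x80:
        raise UnmaskedClientFrame("client frame is not masked")
    length, offset = buf[1] & 0x7F, 2
    if length in (126, 127):  # extended 16-bit or 64-bit length follows
        fmt = "!H" if length == 126 else "!Q"
        if len(buf) < offset + struct.calcsize(fmt):
            raise ValueError("short extended length")
        (length,) = struct.unpack_from(fmt, buf, offset)
        offset += struct.calcsize(fmt)
    if len(buf) < offset + 4 + length:
        raise ValueError("truncated frame")
    key = buf[offset:offset + 4]
    data = buf[offset + 4:offset + 4 + length]
    # Unmask: XOR each payload byte with the 4-byte key, repeated.
    return fin, opcode, bytes(b ^ key[i % 4] for i, b in enumerate(data))


def server_reply(buf):
    """Return the Close frame to send before dropping the connection,
    or None when the frame is acceptable."""
    try:
        decode_client_frame(buf)
    except UnmaskedClientFrame:
        # Server-to-client frames are never masked: FIN + opcode 0x8, len 2.
        return bytes([0x88, 0x02]) + struct.pack("!H", CLOSE_PROTOCOL_ERROR)
    return None
```
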
Matt Riedemann (mriedem)
tags: added: console
Sean Dague (sdague) wrote :

Seems like an upstream bug? Can you confirm if you expect there is a nova change for this, or if it's an upstream issue.

Changed in nova:
status: New → Incomplete
Launchpad Janitor (janitor) wrote :

[Expired for OpenStack Compute (nova) because there has been no activity for 60 days.]

Changed in nova:
status: Incomplete → Expired