Bump version to 0.3.3.

Lower default max buffer length

.travis.yml

@@ -6,3 +6,6 @@ node_js:
   - "0.10"
   - "0.11"
 
+before_install:
+  - '[ "${TRAVIS_NODE_VERSION}" = "0.6" ] && npm conf set strict-ssl false || true'
+

CHANGELOG.md

@@ -1,3 +1,19 @@
+### 0.3.3 / 2014-04-24
+
+* Correct the draft-76 status line reason phrase
+
+### 0.3.2 / 2013-12-29
+
+* Expand `maxLength` to cover sequences of continuation frames and `draft-{75,76}`
+* Decrease default maximum frame buffer size to 64MB
+* Stop parsing when the protocol enters a failure mode, to save CPU cycles
+
+### 0.3.1 / 2013-12-03
+
+* Add a `maxLength` option to limit allowed frame size
+* Don't pre-allocate a message buffer until the whole frame has arrived
+* Fix compatibility with Node v0.11 `HTTPParser`
+
 ### 0.3.0 / 2013-09-09
 
 * Support client URLs with Basic Auth credentials

README.md

@@ -173,6 +173,8 @@ with masking enabled on outgoing frames.
 The `options` argument is optional, and is an object. It may contain the
 following fields:
 
+* `maxLength` - the maximum allowed size of incoming message frames, in bytes.
+  The default value is `2^26 - 1`, or 1 byte short of 64 MiB.
 * `protocols` - an array of strings representing acceptable subprotocols for
   use over the socket. The driver will negotiate one of these to use via the
   `Sec-WebSocket-Protocol` header if supported by the other peer.
@@ -283,7 +285,7 @@ after `emit('open')` has fired.
 
 (The MIT License)
 
-Copyright (c) 2010-2013 James Coglan
+Copyright (c) 2010-2014 James Coglan
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of
 this software and associated documentation files (the 'Software'), to deal in

lib/websocket/driver/base.js

@@ -8,6 +8,7 @@ var Base = function(request, url, options) {
 
   this._request   = request;
   this._options   = options || {};
+  this._maxLength = this._options.maxLength || this.MAX_LENGTH;
   this.__headers  = new Headers();
   this.__queue    = [];
   this.readyState = 0;
@@ -20,6 +21,10 @@ var Base = function(request, url, options) {
 util.inherits(Base, Emitter);
 
 var instance = {
+  // This is 64MB, small enough for an average VPS to handle without
+  // crashing from process out of memory
+  MAX_LENGTH: 0x3ffffff,
+
   STATES: ['connecting', 'open', 'closing', 'closed'],
 
   _bindEventListeners: function() {

lib/websocket/driver/draft75.js

@@ -9,7 +9,16 @@ var Draft75 = function(request, url, options) {
 util.inherits(Draft75, Base);
 
 var instance = {
+  close: function() {
+    if (this.readyState === 3) return false;
+    this.readyState = 3;
+    this.emit('close', new Base.CloseEvent(null, null));
+    return true;
+  },
+
   parse: function(buffer) {
+    if (this.readyState > 1) return;
+
     var data, message, value;
     for (var i = 0, n = buffer.length; i < n; i++) {
       data = buffer[i];
@@ -29,8 +38,7 @@ var instance = {
           this._length = value + 128 * this._length;
 
           if (this._closing && this._length === 0) {
-            this.readyState = 3;
-            this.emit('close', new Base.CloseEvent(null, null));
+            return this.close();
           }
           else if ((0x80 & data) !== 0x80) {
             if (this._length === 0) {
@@ -56,6 +64,7 @@ var instance = {
                 this._stage = 0;
             } else {
               this._buffer.push(data);
+              if (this._buffer.length > this._maxLength) return this.close();
             }
           }
           break;

lib/websocket/driver/draft76.js

@@ -48,7 +48,7 @@ var instance = {
   },
 
   _handshakeResponse: function() {
-    return new Buffer('HTTP/1.1 101 Web Socket Protocol Handshake\r\n' +
+    return new Buffer('HTTP/1.1 101 WebSocket Protocol Handshake\r\n' +
                       'Upgrade: WebSocket\r\n' +
                       'Connection: Upgrade\r\n' +
                       'Sec-WebSocket-Origin: ' + this._request.headers.origin + '\r\n' +

lib/websocket/driver/http_parser.js

@@ -22,8 +22,8 @@ var HttpParser = function(type) {
     self.headers[current] = b.toString('utf8', start, start + length);
   };
 
-  this._parser.onHeadersComplete = function(info) {
-    self.method     = info.method;
+  this._parser.onHeadersComplete = this._parser[HTTPParser.kOnHeadersComplete] = function(info) {
+    self.method     = (typeof info.method === 'number') ? HttpParser.METHODS[info.method] : info.method;
     self.statusCode = info.statusCode;
     self.url        = info.url;
     
@@ -34,11 +34,35 @@ var HttpParser = function(type) {
       self.headers[headers[i].toLowerCase()] = headers[i+1];
   };
 
-  this._parser.onMessageComplete = function() {
+  this._parser.onMessageComplete = this._parser[HTTPParser.kOnMessageComplete] = function() {
     self._complete = true;
   };
 };
 
+HttpParser.METHODS = {
+  0:  'DELETE',
+  1:  'GET',
+  2:  'HEAD',
+  3:  'POST',
+  4:  'PUT',
+  5:  'CONNECT',
+  6:  'OPTIONS',
+  7:  'TRACE',
+  8:  'COPY',
+  9:  'LOCK',
+  10: 'MKCOL',
+  11: 'MOVE',
+  12: 'PROPFIND',
+  13: 'PROPPATCH',
+  14: 'SEARCH',
+  15: 'UNLOCK',
+  16: 'REPORT',
+  17: 'MKACTIVITY',
+  18: 'CHECKOUT',
+  19: 'MERGE',
+  24: 'PATCH'
+};
+
 HttpParser.prototype.isComplete = function() {
   return this._complete;
 };

lib/websocket/driver/hybi.js

@@ -66,7 +66,6 @@ var instance = {
   FRAGMENTED_OPCODES: [0, 1, 2],
   OPENING_OPCODES:    [1, 2],
 
-  MAX_LENGTH: Math.pow(2, 53) - 1,
   TWO_POWERS: [0, 1, 2, 3, 4, 5, 6, 7].map(function(n) { return Math.pow(2, 8 * n) }),
 
   ERRORS: {
@@ -124,6 +123,9 @@ var instance = {
             this._stage = 0;
           }
           break;
+
+        default:
+          buffer = null;
       }
     }
   },
@@ -245,6 +247,7 @@ var instance = {
   _shutdown: function(code, reason) {
     this.frame(reason, 'close', code);
     this.readyState = 3;
+    this._stage = 5;
     this.emit('close', new Base.CloseEvent(code, reason));
   },
 
@@ -289,11 +292,11 @@ var instance = {
     this._length = (data & this.LENGTH);
 
     if (this._length >= 0 && this._length <= 125) {
+      if (!this._checkFrameLength()) return;
       this._stage = this._masked ? 3 : 4;
     } else {
-      this._lengthBuffer = [];
-      this._lengthSize   = (this._length === 126 ? 2 : 8);
-      this._stage        = 2;
+      this._lengthSize = (this._length === 126 ? 2 : 8);
+      this._stage      = 2;
     }
   },
 
@@ -303,12 +306,20 @@ var instance = {
     if (this.FRAGMENTED_OPCODES.indexOf(this._opcode) < 0 && this._length > 125)
       return this._fail('protocol_error', 'Received control frame having too long payload: ' + this._length);
 
-    if (this._length > this.MAX_LENGTH)
-      return this._fail('too_large', 'WebSocket frame length too large');
+    if (!this._checkFrameLength()) return;
 
     this._stage  = this._masked ? 3 : 4;
   },
 
+  _checkFrameLength: function() {
+    if (this.__blength + this._length > this._maxLength) {
+      this._fail('too_large', 'WebSocket frame length too large');
+      return false;
+    } else {
+      return true;
+    }
+  },
+
   _emitFrame: function() {
     var payload = Hybi.mask(this._payload, this._mask),
         opcode  = this._opcode;
@@ -317,7 +328,7 @@ var instance = {
       if (!this._mode) return this._fail('protocol_error', 'Received unexpected continuation frame');
       this._buffer(payload);
       if (this._final) {
-        var message = new Buffer(this.__buffer);
+        var message = this._concatBuffer();
         if (this._mode === 'text') message = this._encode(message);
         this._reset();
         if (message === null)
@@ -374,13 +385,25 @@ var instance = {
   },
 
   _buffer: function(fragment) {
-    for (var i = 0, n = fragment.length; i < n; i++)
-      this.__buffer.push(fragment[i]);
+    this.__buffer.push(fragment);
+    this.__blength += fragment.length;
+  },
+
+  _concatBuffer: function() {
+    var buffer = new Buffer(this.__blength),
+        offset = 0;
+
+    for (var i = 0, n = this.__buffer.length; i < n; i++) {
+      this.__buffer[i].copy(buffer, offset);
+      offset += this.__buffer[i].length;
+    }
+    return buffer;
   },
 
   _reset: function() {
-    this._mode    = null;
-    this.__buffer = [];
+    this._mode     = null;
+    this.__buffer  = [];
+    this.__blength = 0;
   },
 
   _encode: function(buffer) {

lib/websocket/driver/hybi/stream_reader.js

@@ -1,6 +1,7 @@
 var StreamReader = function() {
-  this._queue  = [];
-  this._cursor = 0;
+  this._queue     = [];
+  this._queueSize = 0;
+  this._cursor    = 0;
 };
 
 StreamReader.prototype.read = function(bytes) {
@@ -11,9 +12,12 @@ StreamReader.prototype.put = function(buffer) {
   if (!buffer || buffer.length === 0) return;
   if (!buffer.copy) buffer = new Buffer(buffer);
   this._queue.push(buffer);
+  this._queueSize += buffer.length;
 };
 
 StreamReader.prototype._readBuffer = function(length) {
+  if (length > this._queueSize) return null;
+
   var buffer = new Buffer(length),
       queue  = this._queue,
       remain = length,
@@ -29,11 +33,10 @@ StreamReader.prototype._readBuffer = function(length) {
     size = Math.min(remain, chunk.length - offset);
     chunk.copy(buffer, length - remain, offset, offset + size);
     remain -= size;
+    this._queueSize -= size;
     i += 1;
   }
 
-  if (remain > 0) return null;
-
   queue.splice(0, i-1);
   this._cursor = (i === 1 ? this._cursor : 0) + size;
 

package.json

@@ -5,7 +5,7 @@
 , "keywords"        : ["websocket"]
 , "license"         : "MIT"
 
-, "version"         : "0.3.0"
+, "version"         : "0.3.3"
 , "engines"         : {"node": ">=0.4.0"}
 , "main"            : "./lib/websocket/driver"
 , "devDependencies" : {"jstest": ""}

spec/websocket/driver/draft76_spec.js

@@ -53,7 +53,7 @@ test.describe("Draft76", function() { with(this) {
     describe("start", function() { with(this) {
       it("writes the handshake response to the socket", function() { with(this) {
         expect(driver().io, "emit").given("data", buffer(
-            "HTTP/1.1 101 Web Socket Protocol Handshake\r\n" +
+            "HTTP/1.1 101 WebSocket Protocol Handshake\r\n" +
             "Upgrade: WebSocket\r\n" +
             "Connection: Upgrade\r\n" +
             "Sec-WebSocket-Origin: http://www.example.com\r\n" +
@@ -95,7 +95,7 @@ test.describe("Draft76", function() { with(this) {
 
       it("queues the frames until the handshake has been sent", function() { with(this) {
         expect(driver().io, "emit").given("data", buffer(
-            "HTTP/1.1 101 Web Socket Protocol Handshake\r\n" +
+            "HTTP/1.1 101 WebSocket Protocol Handshake\r\n" +
             "Upgrade: WebSocket\r\n" +
             "Connection: Upgrade\r\n" +
             "Sec-WebSocket-Origin: http://www.example.com\r\n" +
@@ -116,7 +116,7 @@ test.describe("Draft76", function() { with(this) {
 
       it("writes the handshake response with no body", function() { with(this) {
         expect(driver().io, "emit").given("data", buffer(
-            "HTTP/1.1 101 Web Socket Protocol Handshake\r\n" +
+            "HTTP/1.1 101 WebSocket Protocol Handshake\r\n" +
             "Upgrade: WebSocket\r\n" +
             "Connection: Upgrade\r\n" +
             "Sec-WebSocket-Origin: http://www.example.com\r\n" +

spec/websocket/driver/hybi_spec.js

@@ -308,7 +308,7 @@ test.describe("Hybi", function() { with(this) {
       }})
 
       it("returns an error for too-large frames", function() { with(this) {
-        driver().parse([0x81, 0x7f, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00])
+        driver().parse([0x81, 0x7f, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00])
         assertEqual( "WebSocket frame length too large", error.message )
         assertEqual( [1009, "WebSocket frame length too large"], close )
         assertEqual( "closed", driver().getState() )