228329 – WebSocket: Safari on iOS 15 beta 3 is sending invalid close frame

Bug 228329 - WebSocket: Safari on iOS 15 beta 3 is sending invalid close frame

Summary: WebSocket: Safari on iOS 15 beta 3 is sending invalid close frame

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebCore Misc. (show other bugs)
Version:	Other
Hardware:	Unspecified Other

Importance:	P2 Normal
Assignee:	Alex Christensen

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2021-07-27 09:20 PDT by Lars Mikkelsen
Modified:	2021-07-28 10:31 PDT (History)
CC List:	4 users (show)

See Also:	228296

Attachments
WebSocket close frame with invalid status code (46.57 KB, image/png) 2021-07-27 09:20 PDT, Lars Mikkelsen	no flags	Details
Patch (8.08 KB, patch) 2021-07-27 16:08 PDT, Alex Christensen	no flags	Details \| Formatted Diff \| Diff
Patch (8.26 KB, patch) 2021-07-27 17:00 PDT, Alex Christensen	no flags	Details \| Formatted Diff \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Lars Mikkelsen 2021-07-27 09:20:12 PDT

Created attachment 434293 [details]
WebSocket close frame with invalid status code

We have a dev-server based on the ws Node library. We've noticed that Safari on iOS 15 beta 3 is causing ws to throw "RangeError: Invalid WebSocket frame: invalid status code 22373" (as reported by other users at https://github.com/websockets/ws/issues/1916). I've tracked this down to Safari sending a WebSocket close frame without a two-byte status code, so the first two bytes of the reason "WebSocket is closed due to suspension." are interpreted as the status code, i.e. 'We' == 0x5765 == 22373. As far as I can tell the message originates at https://trac.webkit.org/browser/webkit/trunk/Source/WebCore/Modules/websockets/WebSocket.cpp#L522. I suspect r270882 surfaced this issue by now closing the WebSocket when WebSocketChannel::fail() is called. I have a hard time following the code from there, but I believe it eventually ends up calling NSURLSessionWebSocketTask::cancelWithCloseCode in https://trac.webkit.org/browser/webkit/trunk/Source/WebKit/NetworkProcess/cocoa/WebSocketTaskCocoa.mm#L152 with a status code.

Comment 1 Radar WebKit Bug Importer 2021-07-27 10:23:35 PDT

<rdar://problem/81169550>

Comment 2 Alex Christensen 2021-07-27 16:08:11 PDT

Created attachment 434377 [details]
Patch

Comment 3 Alex Christensen 2021-07-27 17:00:17 PDT

Created attachment 434386 [details]
Patch

Comment 4 EWS 2021-07-28 08:57:57 PDT

Committed r280385 (240028@main): <https://commits.webkit.org/240028@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 434386 [details].

Comment 5 Alex Christensen 2021-07-28 09:24:28 PDT

Thanks for the report, Lars!

Comment 6 Lars Mikkelsen 2021-07-28 10:31:54 PDT

Thank you for the super quick fix!