Skip to content

websocket: don't use pooled buffer in mask pool #3357

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Jun 23, 2024
Merged

websocket: don't use pooled buffer in mask pool #3357

Changes from 1 commit
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
97b5ba2
websocket: don't use pooled buffer in mask pool
tsctx Jun 22, 2024
abc6323
add test
tsctx Jun 22, 2024
cae53bc
fixup
tsctx Jun 22, 2024
071528e
fixup
tsctx Jun 22, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion lib/web/websocket/frame.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ try {
function generateMask () {
if (bufIdx === BUFFER_SIZE) {
bufIdx = 0
crypto.randomFillSync((buffer ??= Buffer.allocUnsafe(BUFFER_SIZE)), 0, BUFFER_SIZE)
crypto.randomFillSync((buffer ??= Buffer.allocUnsafeSlow(BUFFER_SIZE)), 0, BUFFER_SIZE)
Copy link
Member Author

@tsctx tsctx Jun 22, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No problem, but with the current code, I have some concerns.

Copy link
Member

@mcollina mcollina Jun 22, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't see them, unless we acess buffer.buffer anywhere

Copy link
Member Author

@tsctx tsctx Jun 22, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If they access it, they can rewrite the mask, right?

Copy link
Member Author

@tsctx tsctx Jun 22, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

example:

import { WebSocket } from './index.js'

Buffer.poolSize = 16386 * 4

// any echo server url
const u = new WebSocket('ws://localhost:3000')

u.onmessage = (data) => {
  // The mask can be rewritten here.
  new Uint8Array(Buffer.allocUnsafe(1).buffer).fill(0)
  u.send('Hi')
}
u.onopen = () => {
  u.send('Hi')
}

}
return [buffer[bufIdx++], buffer[bufIdx++], buffer[bufIdx++], buffer[bufIdx++]]
}
Expand Down