Fix fragmented frame handling in websocket (#3)

Author: johnnzhou

Sources/LCLWebSocket/Client/WebSocketClient.swift

@@ -203,14 +203,9 @@ public struct WebSocketClient: Sendable, LCLWebSocketListenable {
                         )
                     )
 
-                    try channel.pipeline.syncOperations.addHandlers([
-                        NIOWebSocketFrameAggregator(
-                            minNonFinalFragmentSize: configuration.minNonFinalFragmentSize,
-                            maxAccumulatedFrameCount: configuration.maxAccumulatedFrameCount,
-                            maxAccumulatedFrameSize: configuration.maxAccumulatedFrameSize
-                        ),
-                        WebSocketHandler(websocket: websocket),
-                    ])
+                    try channel.pipeline.syncOperations.addHandlers(
+                        WebSocketHandler(websocket: websocket, configuration: configuration)
+                    )
                     self._onOpen?(websocket)
                     return channel.eventLoop.makeSucceededVoidFuture()
                 } catch {
@@ -547,14 +542,9 @@ extension WebSocketClient {
                         )
                     )
 
-                    try channel.pipeline.syncOperations.addHandlers([
-                        NIOWebSocketFrameAggregator(
-                            minNonFinalFragmentSize: configuration.minNonFinalFragmentSize,
-                            maxAccumulatedFrameCount: configuration.maxAccumulatedFrameCount,
-                            maxAccumulatedFrameSize: configuration.maxAccumulatedFrameSize
-                        ),
-                        WebSocketHandler(websocket: websocket),
-                    ])
+                    try channel.pipeline.syncOperations.addHandler(
+                        WebSocketHandler(websocket: websocket, configuration: configuration)
+                    )
                     self._onOpen?(websocket)
                 } catch {
                     return channel.eventLoop.makeFailedFuture(error)

Sources/LCLWebSocket/LCLWebSocket+Error.swift

@@ -48,6 +48,24 @@ public enum LCLWebSocketError: Error {
 
     /// HTTP method is not allowed during the upgrade request.
     case methodNotAllowed
+
+    /// Received a new fragment frame without finishing the previous fragment sequence.
+    case receivedNewFrameWithoutFinishingPreviousOne
+
+    /// The size of the non-final fragment is too small.
+    case nonFinalFragmentSizeIsTooSmall
+
+    /// There are too many fragment frames.
+    case tooManyFrameFragments
+
+    /// The buffered frame sizes is too large.
+    case accumulatedFrameSizeIsTooLarge
+
+    /// Received a continuation frame without a previous fragment frame.
+    case receivedContinuationFrameWithoutPreviousFragmentFrame
+
+    /// Invalid UTF-8 string.
+    case invalidUTF8String
 }
 
 extension LCLWebSocketError: CustomStringConvertible {
@@ -75,6 +93,18 @@ extension LCLWebSocketError: CustomStringConvertible {
             return "Unknown opcode \(code)"
         case .methodNotAllowed:
             return "HTTP Method not allowed"
+        case .receivedNewFrameWithoutFinishingPreviousOne:
+            return "Received new frame without finishing previous one"
+        case .nonFinalFragmentSizeIsTooSmall:
+            return "Non-final fragment size is too small"
+        case .tooManyFrameFragments:
+            return "Too many frame fragments"
+        case .accumulatedFrameSizeIsTooLarge:
+            return "Accumulated frame size is too large"
+        case .receivedContinuationFrameWithoutPreviousFragmentFrame:
+            return "Received continuation frame without previous fragment frame"
+        case .invalidUTF8String:
+            return "Invalid UTF-8 string"
         }
     }
 }

Sources/LCLWebSocket/Server/WebSocketServer.swift

@@ -194,14 +194,9 @@ public struct WebSocketServer: Sendable, LCLWebSocketListenable {
                         high: configuration.writeBufferWaterMarkHigh
                     )
                 )
-                try channel.pipeline.syncOperations.addHandlers([
-                    NIOWebSocketFrameAggregator(
-                        minNonFinalFragmentSize: configuration.minNonFinalFragmentSize,
-                        maxAccumulatedFrameCount: configuration.maxAccumulatedFrameCount,
-                        maxAccumulatedFrameSize: configuration.maxAccumulatedFrameSize
-                    ),
-                    WebSocketHandler(websocket: websocket),
-                ])
+                try channel.pipeline.syncOperations.addHandler(
+                    WebSocketHandler(websocket: websocket, configuration: configuration)
+                )
                 self._onOpen?(websocket)
                 return channel.eventLoop.makeSucceededVoidFuture()
             } catch {
@@ -408,14 +403,9 @@ extension WebSocketServer {
                         high: configuration.writeBufferWaterMarkHigh
                     )
                 )
-                try channel.pipeline.syncOperations.addHandlers([
-                    NIOWebSocketFrameAggregator(
-                        minNonFinalFragmentSize: configuration.minNonFinalFragmentSize,
-                        maxAccumulatedFrameCount: configuration.maxAccumulatedFrameCount,
-                        maxAccumulatedFrameSize: configuration.maxAccumulatedFrameSize
-                    ),
-                    WebSocketHandler(websocket: websocket),
-                ])
+                try channel.pipeline.syncOperations.addHandler(
+                    WebSocketHandler(websocket: websocket, configuration: configuration)
+                )
                 return channel.eventLoop.makeSucceededFuture(UpgradeResult.websocket)
             } catch {
                 return channel.eventLoop.makeFailedFuture(error)

Sources/LCLWebSocket/WebSocket.swift

@@ -294,9 +294,6 @@ public final class WebSocket: Sendable {
         }
 
         var data = frame.data
-        if let maskKey = frame.maskKey {
-            data.webSocketUnmask(maskKey)
-        }
         let originalDataReaderIdx = data.readerIndex
 
         switch frame.opcode {
@@ -383,7 +380,7 @@ public final class WebSocket: Sendable {
                 preconditionFailure("WebSocket connection is not established.")
             }
         case .continuation:
-            preconditionFailure("continuation frame is filtered by swiftnio")
+            preconditionFailure("continuation frame is filtered by WebSocketHandler")
         case .ping:
             if frame.fin {
                 self._onPing.value?(self, data)

Sources/LCLWebSocket/WebSocketHandler.swift

@@ -11,14 +11,23 @@
 //
 
 import NIOCore
+import NIOFoundationCompat
 import NIOWebSocket
 
 final class WebSocketHandler: ChannelInboundHandler {
     typealias InboundIn = WebSocketFrame
 
     private let websocket: WebSocket
-    init(websocket: WebSocket) {
+    private var firstFrame: WebSocketFrame?
+    private var bufferedFrameData: ByteBuffer
+    private var totalBufferedFrameCount: Int
+    private let configuration: LCLWebSocket.Configuration
+    init(websocket: WebSocket, configuration: LCLWebSocket.Configuration) {
         self.websocket = websocket
+        self.firstFrame = nil
+        self.bufferedFrameData = ByteBuffer()
+        self.totalBufferedFrameCount = 0
+        self.configuration = configuration
     }
 
     #if DEBUG
@@ -32,8 +41,61 @@ final class WebSocketHandler: ChannelInboundHandler {
     #endif  // DEBUG
 
     func channelRead(context: ChannelHandlerContext, data: NIOAny) {
-        let frame = self.unwrapInboundIn(data)
-        self.websocket.handleFrame(frame)
+        var frame = self.unwrapInboundIn(data)
+        if let maskKey = frame.maskKey {
+            frame.data.webSocketUnmask(maskKey)
+        }
+
+        do {
+            switch frame.opcode {
+            case .continuation:
+                guard let firstFrame = self.firstFrame else {
+                    // close channel due to policy violation
+                    throw LCLWebSocketError.receivedContinuationFrameWithoutPreviousFragmentFrame
+                }
+
+                // buffer the frame
+                try self.bufferFrame(frame)
+
+                guard frame.fin else {
+                    // continuation frame
+                    break
+                }
+
+                // final frame is received
+                // combine frame
+                // clear buffer
+                let combinedFrame = self.combineFrames(firstFrame: firstFrame, allocator: context.channel.allocator)
+                try validateUFT8Encoding(of: combinedFrame.data)
+                self.websocket.handleFrame(combinedFrame)
+                self.clearBufferedFrames()
+
+            case .binary, .text:
+                if frame.fin {
+                    // unfragmented frame
+                    guard self.firstFrame == nil else {
+                        // close channel due to policy violatioin
+                        throw LCLWebSocketError.receivedNewFrameWithoutFinishingPreviousOne
+                    }
+                    try validateUFT8Encoding(of: frame.data)
+
+                    self.websocket.handleFrame(frame)
+                } else {
+                    // fragmented frame
+                    try self.bufferFrame(frame)
+                    return
+                }
+            default:
+                self.websocket.handleFrame(frame)
+            }
+        } catch LCLWebSocketError.invalidUTF8String, is ByteBuffer.ReadUTF8ValidationError {
+            self.websocket.close(code: .dataInconsistentWithMessage, promise: nil)
+            context.close(mode: .all, promise: nil)
+        } catch {
+            let reason = (error as? LCLWebSocketError)?.description
+            self.websocket.close(code: .protocolError, reason: reason, promise: nil)
+            context.close(mode: .all, promise: nil)
+        }
     }
 
     func errorCaught(context: ChannelHandlerContext, error: any Error) {
@@ -46,6 +108,70 @@ final class WebSocketHandler: ChannelInboundHandler {
         }
         context.close(mode: .all, promise: nil)
     }
+
+    private func bufferFrame(_ frame: WebSocketFrame) throws {
+        guard self.firstFrame == nil || frame.opcode == .continuation else {
+            throw LCLWebSocketError.receivedNewFrameWithoutFinishingPreviousOne
+        }
+
+        guard frame.fin || frame.length >= self.configuration.minNonFinalFragmentSize else {
+            throw LCLWebSocketError.nonFinalFragmentSizeIsTooSmall
+        }
+
+        guard self.totalBufferedFrameCount < self.configuration.maxFrameSize else {
+            throw LCLWebSocketError.tooManyFrameFragments
+        }
+
+        guard frame.fin || (self.totalBufferedFrameCount + 1) < self.configuration.maxAccumulatedFrameCount else {
+            throw LCLWebSocketError.tooManyFrameFragments
+        }
+
+        if self.firstFrame == nil {
+            self.firstFrame = frame
+        }
+        self.totalBufferedFrameCount += 1
+        var frame = frame
+        self.bufferedFrameData.writeBuffer(&frame.data)
+
+        guard self.bufferedFrameData.readableBytes <= self.configuration.maxAccumulatedFrameSize else {
+            throw LCLWebSocketError.accumulatedFrameSizeIsTooLarge
+        }
+    }
+
+    private func validateUFT8Encoding(of data: ByteBuffer) throws {
+        if data.readableBytes == 0 {
+            return
+        }
+
+        if #available(macOS 15, iOS 18, tvOS 18, watchOS 11, *) {
+            _ = try self.bufferedFrameData.getUTF8ValidatedString(at: data.readableBytes, length: data.readableBytes)
+        } else {
+            guard let bytes = self.bufferedFrameData.getData(at: data.readerIndex, length: data.readableBytes),
+                String(data: bytes, encoding: .utf8) != nil
+            else {
+                throw LCLWebSocketError.invalidUTF8String
+            }
+        }
+    }
+
+    private func combineFrames(firstFrame: WebSocketFrame, allocator: ByteBufferAllocator) -> WebSocketFrame {
+        WebSocketFrame(
+            fin: firstFrame.fin,
+            rsv1: firstFrame.rsv1,
+            rsv2: firstFrame.rsv2,
+            rsv3: firstFrame.rsv3,
+            opcode: firstFrame.opcode,
+            maskKey: firstFrame.maskKey,
+            data: self.bufferedFrameData,
+            extensionData: firstFrame.extensionData
+        )
+    }
+
+    private func clearBufferedFrames() {
+        self.firstFrame = nil
+        self.bufferedFrameData.clear()
+        self.totalBufferedFrameCount = 0
+    }
 }
 
 extension WebSocketErrorCode {