From 14023075bfa7350a3a2268cb6d7e38e046b24bcf Mon Sep 17 00:00:00 2001
From: Hiroshi Ichikawa <gimite@gmail.com>
Date: Sat, 5 Nov 2011 19:58:11 +0900
Subject: Closing connection on masked frame from server. Issue #103

---
 WebSocketMain.swf                                  | Bin 177064 -> 177103 bytes
 WebSocketMainInsecure.zip                          | Bin 170140 -> 170287 bytes
 flash-src/src/net/gimite/websocket/WebSocket.as    |   7 +++++++
 .../src/net/gimite/websocket/WebSocketFrame.as     |   6 +++++-
 4 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/WebSocketMain.swf b/WebSocketMain.swf
index 53ad376..d14c51c 100644
Binary files a/WebSocketMain.swf and b/WebSocketMain.swf differ
diff --git a/WebSocketMainInsecure.zip b/WebSocketMainInsecure.zip
index e979830..e3f974f 100644
Binary files a/WebSocketMainInsecure.zip and b/WebSocketMainInsecure.zip differ
diff --git a/flash-src/src/net/gimite/websocket/WebSocket.as b/flash-src/src/net/gimite/websocket/WebSocket.as
index 6a47283..111b705 100644
--- a/flash-src/src/net/gimite/websocket/WebSocket.as
+++ b/flash-src/src/net/gimite/websocket/WebSocket.as
@@ -323,6 +323,8 @@ public class WebSocket extends EventDispatcher {
           pos = -1;
           if (frame.rsv != 0) {
             close(1002, "RSV must be 0.");
+          } else if (frame.mask) {
+            close(1002, "Frame from server must not be masked.");
           } else if (frame.opcode >= 0x08 && frame.opcode <= 0x0f && frame.payload.length >= 126) {
             close(1004, "Payload of control frame must be less than 126 bytes.");
           } else {
@@ -339,6 +341,8 @@ public class WebSocket extends EventDispatcher {
                 }
                 break;
               case OPCODE_BINARY:
+                // See https://github.com/gimite/web-socket-js/pull/89
+                // for discussion about supporting binary data.
                 close(1003, "Received binary data, which is not supported.");
                 break;
               case OPCODE_CLOSE:
@@ -487,6 +491,9 @@ public class WebSocket extends EventDispatcher {
     frame.fin = (buffer[0] & 0x80) != 0;
     frame.rsv = (buffer[0] & 0x70) >> 4;
     frame.opcode  = buffer[0] & 0x0f;
+    // Payload unmasking is not implemented because masking frames from server
+    // is not allowed. This field is used only for error checking.
+    frame.mask = (buffer[1] & 0x80) != 0;
     plength = buffer[1] & 0x7f;
 
     if (plength == 126) {
diff --git a/flash-src/src/net/gimite/websocket/WebSocketFrame.as b/flash-src/src/net/gimite/websocket/WebSocketFrame.as
index 060e9aa..1ce1c54 100644
--- a/flash-src/src/net/gimite/websocket/WebSocketFrame.as
+++ b/flash-src/src/net/gimite/websocket/WebSocketFrame.as
@@ -6,12 +6,16 @@ package net.gimite.websocket {
 import flash.utils.ByteArray;
 
 public class WebSocketFrame {
+  
   public var fin:Boolean = true;
   public var rsv:int = 0;
   public var opcode:int = -1;
   public var payload:ByteArray;
-  // Not used when used as a parameter of sendFrame().
+  
+  // Fields below are not used when used as a parameter of sendFrame().
   public var length:uint = 0;
+  public var mask:Boolean = false;
+  
 }
 
 }
-- 
cgit v1.2.1