_handshakeSignature() throwing "TypeError: value is out of bounds" error
Closed this issue · 3 comments
Starting around Aug 24, our servers are crashing several times per day with the following stack trace:
TypeError: value is out of bounds
at TypeError (<anonymous>)
at checkInt (buffer.js:705:11)
at Buffer.writeUInt32BE (buffer.js:748:5)
at instance._handshakeSignature (/Users/josh/app/node_modules/sockjs/node_modules/faye-websocket/node_modules/websocket-driver/lib/websocket/driver/draft76.js:70:12)
at instance._sendHandshakeBody (/Users/josh/app/node_modules/sockjs/node_modules/faye-websocket/node_modules/websocket-driver/lib/websocket/driver/draft76.js:79:26)
at null.<anonymous> (/Users/josh/app/node_modules/sockjs/node_modules/faye-websocket/node_modules/websocket-driver/lib/websocket/driver/draft75.js:37:16)
at StreamReader.eachByte (/Users/josh/app/node_modules/sockjs/node_modules/faye-websocket/node_modules/websocket-driver/lib/websocket/driver/stream_reader.js:60:16)
at instance.parse (/Users/josh/app/node_modules/sockjs/node_modules/faye-websocket/node_modules/websocket-driver/lib/websocket/driver/draft75.js:31:18)
at IO.write (/Users/josh/app/node_modules/sockjs/node_modules/faye-websocket/node_modules/websocket-driver/lib/websocket/streams.js:80:16)
at Socket.ondata (stream.js:51:26)
It also sometimes crashes at line 69 of draft76.js instead of line 70:
var headers = this._request.headers,
key1 = headers['sec-websocket-key1'],
value1 = numberFromKey(key1) / spacesInKey(key1),
key2 = headers['sec-websocket-key2'],
value2 = numberFromKey(key2) / spacesInKey(key2),
md5 = crypto.createHash('md5'),
buffer = new Buffer(8 + this.BODY_SIZE);
buffer.writeUInt32BE(value1, 0); // <-- (line 69): sometimes it crashes here
buffer.writeUInt32BE(value2, 4); // <-- (line 70): other times it crashes here
So it looks like the values of the Sec-Websocket-Key1 and Sec-Websocket-Key2 headers are occasionally throwing off faye-websocket.
It's unclear why this started happening only a week ago as we didn't change anything on our end at that point. We're still using Node v0.10.40 with SockJS 0.3.15 + Faye-Websocket 0.9.4.
Do you think Faye-Websocket's behavior here is correct? If so, how could I catch such an exception and fail the connection before it crashes my app?
Thanks in advance for your help!
Any suggestions on how to address this? Is it a Faye-Websocket bug?
When this happens, can you log out the sec-websocket-key{1,2}
headers and share them here?
The same issue has been reported against websocket-driver
which is where the error is happening. Please comment on faye/websocket-driver-node#16 if you have more info.