[URGENT]: Cookies contianing some special characters crash the WatsonWebsocketServer

Question

[URGENT]: Cookies contianing some special characters crash the WatsonWebsocketServer

Closed this issue 2 years ago · 7 comments

I've been experimenting the whole day and this is the result.
If the client has a cookie that includes some special characters, the following error occurs and the server stops:

[WatsonWsServer] listener exception:
System.ArgumentException: Specified value has invalid Control characters. (Parameter 'value')
   at System.Net.HttpValidationHelpers.CheckBadHeaderValueChars(String value)
   at System.Net.WebHeaderCollection.Add(String name, String value)
   at Interop.HttpApi.GetHeaders(IntPtr memoryBlob, IntPtr originalAddress)
   at System.Net.HttpListenerRequest.get_Headers()
   at System.Net.HttpListenerRequest.get_IsWebSocketRequest()
   at WatsonWebsocket.WatsonWsServer.AcceptConnections(CancellationToken cancelToken)

I'm sorry, I can't provide a list containing all these special characters

P.S.:
Also it would be so awesome if a ClientMetadata could have the clientside cookies. It would make for example loginToken checking much easier and efficient.

Answer 1 · 2023-02-24T17:00:45.000Z

Hi @WarstekHUN looking into this now

Answer 2 · 2023-02-24T17:07:57.000Z

Hi @WarstekHUN could you provide a sample cookie that reproduces this? I just tried by adding a cookie on the client with the value tШЋЖ and was unable to reproduce it.

Answer 3 · 2023-02-24T18:08:06.000Z

Update: found this, https://stackoverflow.com/questions/22049796/specified-value-has-invalid-control-characters-when-converting-sha512-output-t

This is unfortunately something that is happening well beneath my library.

Answer 4 · 2023-02-24T18:08:35.000Z

Edit: however, you mention it's crashing - it shouldn't. Looking at that now.

Answer 5 · 2023-02-24T18:27:05.000Z

Hi @WarstekHUN I just published v4.0.8 which has a fix in the AcceptConnections method to not exit when such a situation is encountered. Please re-open if the issue persists or you encounter another problem! Also added you to the README.

NuGet: https://www.nuget.org/packages/WatsonWebsocket/4.0.8
Commit: df03318

Answer 6 · 2023-02-24T18:32:53.000Z

Hello! Thanks for the reply! I'll test if the problem still exists as soon as I'll have time. Because I'm a hungarian, I tried using hungarian alphabet characters. For some reason some characters worked, some didn't. For example 'á' didn't crash the server, but "ő" did.

Answer 7 · 2023-02-24T18:34:18.000Z

Thanks @WarstekHUN I wish I could implement changes in the underlay that this library uses. Hopefully at least in this case the server doesn't crash on you :) Cheers! PS thank you so much for letting me know!