Make sure to only write to open transports (thanks JohnDav)

Another bad onClose call
Ditto
2026-01-12 00:17:56 -05:00 · 2010-11-01 17:52:23 -03:00 · 2010-11-01 17:47:05 -03:00 · 2010-11-01 17:44:41 -03:00 · 2010-11-01 17:43:24 -03:00 · 2010-11-01 17:27:14 -03:00
7 changed files with 51 additions and 35 deletions
--- a/lib/socket.io/client.js
+++ b/lib/socket.io/client.js
@@ -63,8 +63,10 @@ Client.prototype._onConnect = function(req, res){
  this.connection = req.connection;
  
  this.connection.addListener('end', function(){
-    self.connection.end();
-    self.connection.destroy();
+    if (self.connection){
+      self.connection.end();
+      self.connection.destroy();
+    }
    self._onClose();
  });
  
--- a/lib/socket.io/transports/htmlfile.js
+++ b/lib/socket.io/transports/htmlfile.js
@@ -41,5 +41,6 @@ HTMLFile.prototype._onConnect = function(req, res){
 };
  
 HTMLFile.prototype._write = function(message){
-  this.response.write('<script>parent.s._('+ JSON.stringify(message) +', document);</script>'); //json for escaping
+  if (this._open)
+    this.response.write('<script>parent.s._('+ JSON.stringify(message) +', document);</script>'); //json for escaping
 };
--- a/lib/socket.io/transports/jsonp-polling.js
+++ b/lib/socket.io/transports/jsonp-polling.js
@@ -20,13 +20,15 @@ JSONPPolling.prototype._onConnect = function(req, res){
 };
  
 JSONPPolling.prototype._write = function(message){
-  if (this.request.headers.origin && !this._verifyOrigin(this.request.headers.origin)){
-    message = "alert('Cross domain security restrictions not met');";
-  } else {
-    message = "io.JSONP["+ this._index +"]._("+ JSON.stringify(message) +");";
+  if (this._open){
+    if (this.request.headers.origin && !this._verifyOrigin(this.request.headers.origin)){
+      message = "alert('Cross domain security restrictions not met');";
+    } else {
+      message = "io.JSONP["+ this._index +"]._("+ JSON.stringify(message) +");";
+    }
+    this.response.writeHead(200, {'Content-Type': 'text/javascript; charset=UTF-8', 'Content-Length': Buffer.byteLength(message)});
+    this.response.write(message);
+    this.response.end();
+    this._onClose();
  }
-  this.response.writeHead(200, {'Content-Type': 'text/javascript; charset=UTF-8', 'Content-Length': Buffer.byteLength(message)});
-  this.response.write(message);
-  this.response.end();
-  this._onClose();
 };
--- a/lib/socket.io/transports/websocket.js
+++ b/lib/socket.io/transports/websocket.js
@@ -19,7 +19,8 @@ WebSocket.prototype._onConnect = function(req, socket){
  
  if (this.request.headers.upgrade !== 'WebSocket' || !this._verifyOrigin(this.request.headers.origin)){
    this.listener.options.log('WebSocket connection invalid or Origin not verified');
-    this._onClose();
+    this.connection.end();
+    this.connection.destroy();
    return false;
  }
  
@@ -55,7 +56,8 @@ WebSocket.prototype._onConnect = function(req, socket){
    try {
      this.connection.write(headers.concat('', '').join('\r\n'));
    } catch(e){
-      this._onClose();
+      this.connection.end();
+      this.connection.destroy();
    }
  }
  
@@ -75,7 +77,12 @@ WebSocket.prototype._handle = function(data){
    chunk = chunks[i];
    if (chunk[0] !== '\u0000'){
      this.listener.options.log('Data incorrectly framed by UA. Dropping connection');
-      this._onClose();
+      if (this._open){
+        this._onClose();
+      } else {
+        this.connection.end();
+        this.connection.destroy();
+      }
      return false;
    }
    this._onMessage(chunk.slice(1));
@@ -85,8 +92,9 @@ WebSocket.prototype._handle = function(data){

 // http://www.whatwg.org/specs/web-apps/current-work/complete/network.html#opening-handshake
 WebSocket.prototype._proveReception = function(headers){
-  var k1 = this.request.headers['sec-websocket-key1'],
-      k2 = this.request.headers['sec-websocket-key2'];
+  var self = this
+    , k1 = this.request.headers['sec-websocket-key1']
+    , k2 = this.request.headers['sec-websocket-key2'];
  
  if (k1 && k2){
    var md5 = crypto.createHash('md5');
@@ -96,10 +104,9 @@ WebSocket.prototype._proveReception = function(headers){
          spaces = k.replace(/[^ ]/g, '').length;
          
      if (spaces === 0 || n % spaces !== 0){
-        if (this.listener && this.listener.options){
-          this.listener.options.log('Invalid WebSocket key: "' + k + '". Dropping connection');
-          this._onClose();
-        }
+        self.listener.options.log('Invalid WebSocket key: "' + k + '". Dropping connection');
+        self.connection.end();
+        self.connection.destroy();
        return false;
      }

@@ -117,7 +124,8 @@ WebSocket.prototype._proveReception = function(headers){
    try {
      this.connection.write(headers.concat('', '').join('\r\n') + md5.digest('binary'), 'binary');
    } catch(e){
-      this._onClose();
+      this.connection.end();
+      this.connection.destroy();
    }
  }
  
--- a/lib/socket.io/transports/xhr-multipart.js
+++ b/lib/socket.io/transports/xhr-multipart.js
@@ -56,8 +56,9 @@ Multipart.prototype._onConnect = function(req, res){
 };
  
 Multipart.prototype._write = function(message){
-  this.response.write("Content-Type: text/plain" + (message.length === 1 && message.charCodeAt(0) === 6 ? "; charset=us-ascii" : "") + "\n\n");
-  this.response.write(message + "\n");
-  this.response.write("--socketio\n");
-  if ('flush' in this.response) this.response.flush();
+  if (this._open){
+    this.response.write("Content-Type: text/plain" + (message.length === 1 && message.charCodeAt(0) === 6 ? "; charset=us-ascii" : "") + "\n\n");
+    this.response.write(message + "\n");
+    this.response.write("--socketio\n");
+  }
 };
--- a/lib/socket.io/transports/xhr-polling.js
+++ b/lib/socket.io/transports/xhr-polling.js
@@ -62,14 +62,16 @@ Polling.prototype._onClose = function(){
 };
  
 Polling.prototype._write = function(message){
-  var headers = {'Content-Type': 'text/plain; charset=UTF-8', 'Content-Length': Buffer.byteLength(message)};
-  // https://developer.mozilla.org/En/HTTP_Access_Control
-  if (this.request.headers.origin && this._verifyOrigin(this.request.headers.origin)){
-    headers['Access-Control-Allow-Origin'] = this.request.headers.origin;
-    if (this.request.headers.cookie) headers['Access-Control-Allow-Credentials'] = 'true';
+  if (this._open){
+    var headers = {'Content-Type': 'text/plain; charset=UTF-8', 'Content-Length': Buffer.byteLength(message)};
+    // https://developer.mozilla.org/En/HTTP_Access_Control
+    if (this.request.headers.origin && this._verifyOrigin(this.request.headers.origin)){
+      headers['Access-Control-Allow-Origin'] = this.request.headers.origin;
+      if (this.request.headers.cookie) headers['Access-Control-Allow-Credentials'] = 'true';
+    }
+    this.response.writeHead(200, headers);
+    this.response.write(message);
+    this.response.end();
+    this._onClose();
  }
-  this.response.writeHead(200, headers);
-  this.response.write(message);
-  this.response.end();
-  this._onClose();
 };
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 { "name" : "socket.io"
 , "description" : "The cross-browser WebSocket"
-, "version" : "0.6.1"
+, "version" : "0.6.0"
 , "author" : "LearnBoost"
 , "licenses" :
  [ { "type" : "MIT"
Author	SHA1	Message	Date
Guillermo Rauch	4240385f6f	Make sure to only write to open transports (thanks JohnDav)	2010-11-01 17:52:23 -03:00
Guillermo Rauch	22a93d06cb	Another bad onClose call	2010-11-01 17:47:05 -03:00
Guillermo Rauch	4ea687b57e	Ditto	2010-11-01 17:44:41 -03:00
Guillermo Rauch	227671d41d	_open is still false, so destroy the connection immediately upon websocket error	2010-11-01 17:43:24 -03:00
Guillermo Rauch	7bf4ae1f05	Make sure .connection is not null on 'end'	2010-11-01 17:27:14 -03:00
Guillermo Rauch	b28d4288d5	Proper fix for invalid websocket key	2010-11-01 17:22:43 -03:00
Guillermo Rauch	835aee46bd	Bump version	2010-11-01 17:20:50 -03:00