Bug 1518649

Summary: Client compatibility flaws in VNC websockets server
Product: Red Hat Enterprise Linux 7 Reporter: Daniel Berrangé <berrange>
Component: qemu-kvm-rhevAssignee: Daniel Berrangé <berrange>
Status: CLOSED ERRATA QA Contact: Guo, Zhiyi <zhguo>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.5CC: chayang, jinzhao, juzhang, michen, mtessun, virt-maint
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: qemu-kvm-rhev-2.10.0-14.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-04-11 00:49:36 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Daniel Berrangé 2017-11-29 12:03:10 UTC 
Description of problem:
QEMU's built-in VNC websockets server got stricter validation of HTTP requests added in 2.9.0, but while well-intentioned the validation was too strict. In particular it did not do case-insensitive header value checks, and didn't cope with certain headers having multiple values.

This broke compatibility with a number of websockets clients.

Version-Release number of selected component (if applicable):
qemu-kvm-rhev-2.10.0-9.el7

How reproducible:
Some noVNC / web browser combinations only

Steps to Reproduce:
1. Run  qemu-kvm -vnc 0.0.0.0:1,websockets=5800
2. Install an apache server, serving a HTML page with the noVNC client embedded 
3. Attempt to connect to QEMU's websockets server on port 5800

Actual results:
Some browsers, particularly IE 11 might fail to connect

Expected results:
ALl browser successfully connect to the websockets server

Additional info:
Comment 2 Daniel Berrangé 2017-11-29 13:05:56 UTC 
The problems are fixed upstream in 2.11 by

52aa5644e8e89ebfc3b1d0abdb7cc502ce9db599 io: Add missing GCC_FMT_ATTR (fix -Werror=suggest-attribute=format)
7fc3fcefe2fc5966c6aa1ef4f10e9740d8d73bf2 io: fix mem leak in websock error path
0efd6c9ec19a1ea6c413424fbea54e1dfe471026 io: add trace points for websocket HTTP protocol headers
6d5d23b00709510d55711661c7ca41408fd9934e io: cope with websock 'Connection' header having multiple values
8dfd5f96515ca20c4eb109cb0ee28e2bb32fc505 io: get rid of bounce buffering in websock write path
fb74e5903914b9ec8c80b6f7a35da000f9f92ae7 io: pass a struct iovec into qio_channel_websock_encode
bac6c95415788c03590542eb244c723a18d0771c io: get rid of qio_channel_websock_encode helper method
57b0cdf152b7266e68bfa3e84635d4bdb64ef2cd io: simplify websocket ping reply handling
a7b20a8efa28e5f22c26c06cd06c2f12bc863493 io: monitor encoutput buffer size from websocket GSource
530ca60c16c83435d4becc9916d74fa43e003815 io: Attempt to send websocket close messages to client
268a53f50de795481dd73ffd0e0c1339ad3dc44b io: Reply to ping frames
01af17fc002414ee1ac0800babfb0edc2bef1a7d io: Ignore websocket PING and PONG frames
3a29640e2cbae9d47b89ffaf98ed358920eb6797 io: Allow empty websocket payload
ff1300e626949fa9850b0f91dc5e8c2cb45b6a88 io: Add support for fragmented websocket binary frames
eefa3d8ef649f9055611361e2201cca49f8c3433 io: Small updates in preparation for websocket changes
33badfd1e3735b877e41939100511c65572be6b9 io: use case insensitive check for Connection & Upgrade websock headers
3a3f8705962c8c8a47a9b981ffd5aab7274ad508 io: include full error message in websocket handshake trace
f69a8bde29354493ff8aea64cc9cb3b531d16337 io: send proper HTTP response for websocket errors
Comment 5 Miroslav Rezanina 2018-01-02 14:19:00 UTC 
Fix included in qemu-kvm-rhev-2.10.0-14.el7
Comment 7 Guo, Zhiyi 2018-01-17 07:23:10 UTC 
Test against buggy qemu-kvm-rhev-2.10.0-13.el7.x86_64:

steps:
1. launch qemu with vnc and websocket:
/usr/libexec/qemu-kvm -vnc :0,websocket=5701
2. Install a httpd, go to /var/www/html/, git clone https://github.com/novnc/noVNC.git, go to noVNC/ , copy vnc.html to index.html
3. access host_ip in a browser to use noVNC client, configure client WebSocket port to 5701, use empty path, then click connect button

Test broswers:
ie11 embedded in win10: connect ok
chrome installed in win10: connect ok
Edge embedded in win10: connect ok
Firefox embedded in rhel7.5 guest: connect ok
ie11 installed in win7: connect fail

Test against fixed qemu-kvm-rhev-2.10.0-16.el7.x86_64

Test broswers:
ie11 embedded in win10: connect ok
chrome installed in win10: connect ok
Edge embedded in win10: connect ok
Firefox embedded in rhel7.5 guest: connect ok
ie11 installed in win7: connect ok
Comment 8 Guo, Zhiyi 2018-01-17 07:23:41 UTC 
Verified per comment 7
Comment 11 errata-xmlrpc 2018-04-11 00:49:36 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:1104