Bug 1518649 - Client compatibility flaws in VNC websockets server
Summary: Client compatibility flaws in VNC websockets server
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: qemu-kvm-rhev
Version: 7.5
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: rc
: ---
Assignee: Daniel Berrange
QA Contact: Guo, Zhiyi
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-11-29 12:03 UTC by Daniel Berrange
Modified: 2018-04-11 00:51 UTC (History)
6 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2018-04-11 00:49:36 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:1104 None None None 2018-04-11 00:51 UTC

Description Daniel Berrange 2017-11-29 12:03:10 UTC
Description of problem:
QEMU's built-in VNC websockets server got stricter validation of HTTP requests added in 2.9.0, but while well-intentioned the validation was too strict. In particular it did not do case-insensitive header value checks, and didn't cope with certain headers having multiple values.

This broke compatibility with a number of websockets clients.

Version-Release number of selected component (if applicable):
qemu-kvm-rhev-2.10.0-9.el7

How reproducible:
Some noVNC / web browser combinations only

Steps to Reproduce:
1. Run  qemu-kvm -vnc 0.0.0.0:1,websockets=5800
2. Install an apache server, serving a HTML page with the noVNC client embedded 
3. Attempt to connect to QEMU's websockets server on port 5800

Actual results:
Some browsers, particularly IE 11 might fail to connect

Expected results:
ALl browser successfully connect to the websockets server

Additional info:

Comment 2 Daniel Berrange 2017-11-29 13:05:56 UTC
The problems are fixed upstream in 2.11 by

52aa5644e8e89ebfc3b1d0abdb7cc502ce9db599 io: Add missing GCC_FMT_ATTR (fix -Werror=suggest-attribute=format)
7fc3fcefe2fc5966c6aa1ef4f10e9740d8d73bf2 io: fix mem leak in websock error path
0efd6c9ec19a1ea6c413424fbea54e1dfe471026 io: add trace points for websocket HTTP protocol headers
6d5d23b00709510d55711661c7ca41408fd9934e io: cope with websock 'Connection' header having multiple values
8dfd5f96515ca20c4eb109cb0ee28e2bb32fc505 io: get rid of bounce buffering in websock write path
fb74e5903914b9ec8c80b6f7a35da000f9f92ae7 io: pass a struct iovec into qio_channel_websock_encode
bac6c95415788c03590542eb244c723a18d0771c io: get rid of qio_channel_websock_encode helper method
57b0cdf152b7266e68bfa3e84635d4bdb64ef2cd io: simplify websocket ping reply handling
a7b20a8efa28e5f22c26c06cd06c2f12bc863493 io: monitor encoutput buffer size from websocket GSource
530ca60c16c83435d4becc9916d74fa43e003815 io: Attempt to send websocket close messages to client
268a53f50de795481dd73ffd0e0c1339ad3dc44b io: Reply to ping frames
01af17fc002414ee1ac0800babfb0edc2bef1a7d io: Ignore websocket PING and PONG frames
3a29640e2cbae9d47b89ffaf98ed358920eb6797 io: Allow empty websocket payload
ff1300e626949fa9850b0f91dc5e8c2cb45b6a88 io: Add support for fragmented websocket binary frames
eefa3d8ef649f9055611361e2201cca49f8c3433 io: Small updates in preparation for websocket changes
33badfd1e3735b877e41939100511c65572be6b9 io: use case insensitive check for Connection & Upgrade websock headers
3a3f8705962c8c8a47a9b981ffd5aab7274ad508 io: include full error message in websocket handshake trace
f69a8bde29354493ff8aea64cc9cb3b531d16337 io: send proper HTTP response for websocket errors

Comment 5 Miroslav Rezanina 2018-01-02 14:19:00 UTC
Fix included in qemu-kvm-rhev-2.10.0-14.el7

Comment 7 Guo, Zhiyi 2018-01-17 07:23:10 UTC
Test against buggy qemu-kvm-rhev-2.10.0-13.el7.x86_64:

steps:
1. launch qemu with vnc and websocket:
/usr/libexec/qemu-kvm -vnc :0,websocket=5701
2. Install a httpd, go to /var/www/html/, git clone https://github.com/novnc/noVNC.git, go to noVNC/ , copy vnc.html to index.html
3. access host_ip in a browser to use noVNC client, configure client WebSocket port to 5701, use empty path, then click connect button

Test broswers:
ie11 embedded in win10: connect ok
chrome installed in win10: connect ok
Edge embedded in win10: connect ok
Firefox embedded in rhel7.5 guest: connect ok
ie11 installed in win7: connect fail

Test against fixed qemu-kvm-rhev-2.10.0-16.el7.x86_64

Test broswers:
ie11 embedded in win10: connect ok
chrome installed in win10: connect ok
Edge embedded in win10: connect ok
Firefox embedded in rhel7.5 guest: connect ok
ie11 installed in win7: connect ok

Comment 8 Guo, Zhiyi 2018-01-17 07:23:41 UTC
Verified per comment 7

Comment 11 errata-xmlrpc 2018-04-11 00:49:36 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:1104


Note You need to log in before you can comment on or make changes to this bug.