Red Hat Bugzilla – Bug 1518649
Client compatibility flaws in VNC websockets server
Last modified: 2018-04-10 20:51:20 EDT
Description of problem: QEMU's built-in VNC websockets server got stricter validation of HTTP requests added in 2.9.0, but while well-intentioned the validation was too strict. In particular it did not do case-insensitive header value checks, and didn't cope with certain headers having multiple values. This broke compatibility with a number of websockets clients. Version-Release number of selected component (if applicable): qemu-kvm-rhev-2.10.0-9.el7 How reproducible: Some noVNC / web browser combinations only Steps to Reproduce: 1. Run qemu-kvm -vnc 0.0.0.0:1,websockets=5800 2. Install an apache server, serving a HTML page with the noVNC client embedded 3. Attempt to connect to QEMU's websockets server on port 5800 Actual results: Some browsers, particularly IE 11 might fail to connect Expected results: ALl browser successfully connect to the websockets server Additional info:
The problems are fixed upstream in 2.11 by 52aa5644e8e89ebfc3b1d0abdb7cc502ce9db599 io: Add missing GCC_FMT_ATTR (fix -Werror=suggest-attribute=format) 7fc3fcefe2fc5966c6aa1ef4f10e9740d8d73bf2 io: fix mem leak in websock error path 0efd6c9ec19a1ea6c413424fbea54e1dfe471026 io: add trace points for websocket HTTP protocol headers 6d5d23b00709510d55711661c7ca41408fd9934e io: cope with websock 'Connection' header having multiple values 8dfd5f96515ca20c4eb109cb0ee28e2bb32fc505 io: get rid of bounce buffering in websock write path fb74e5903914b9ec8c80b6f7a35da000f9f92ae7 io: pass a struct iovec into qio_channel_websock_encode bac6c95415788c03590542eb244c723a18d0771c io: get rid of qio_channel_websock_encode helper method 57b0cdf152b7266e68bfa3e84635d4bdb64ef2cd io: simplify websocket ping reply handling a7b20a8efa28e5f22c26c06cd06c2f12bc863493 io: monitor encoutput buffer size from websocket GSource 530ca60c16c83435d4becc9916d74fa43e003815 io: Attempt to send websocket close messages to client 268a53f50de795481dd73ffd0e0c1339ad3dc44b io: Reply to ping frames 01af17fc002414ee1ac0800babfb0edc2bef1a7d io: Ignore websocket PING and PONG frames 3a29640e2cbae9d47b89ffaf98ed358920eb6797 io: Allow empty websocket payload ff1300e626949fa9850b0f91dc5e8c2cb45b6a88 io: Add support for fragmented websocket binary frames eefa3d8ef649f9055611361e2201cca49f8c3433 io: Small updates in preparation for websocket changes 33badfd1e3735b877e41939100511c65572be6b9 io: use case insensitive check for Connection & Upgrade websock headers 3a3f8705962c8c8a47a9b981ffd5aab7274ad508 io: include full error message in websocket handshake trace f69a8bde29354493ff8aea64cc9cb3b531d16337 io: send proper HTTP response for websocket errors
Fix included in qemu-kvm-rhev-2.10.0-14.el7
Test against buggy qemu-kvm-rhev-2.10.0-13.el7.x86_64: steps: 1. launch qemu with vnc and websocket: /usr/libexec/qemu-kvm -vnc :0,websocket=5701 2. Install a httpd, go to /var/www/html/, git clone https://github.com/novnc/noVNC.git, go to noVNC/ , copy vnc.html to index.html 3. access host_ip in a browser to use noVNC client, configure client WebSocket port to 5701, use empty path, then click connect button Test broswers: ie11 embedded in win10: connect ok chrome installed in win10: connect ok Edge embedded in win10: connect ok Firefox embedded in rhel7.5 guest: connect ok ie11 installed in win7: connect fail Test against fixed qemu-kvm-rhev-2.10.0-16.el7.x86_64 Test broswers: ie11 embedded in win10: connect ok chrome installed in win10: connect ok Edge embedded in win10: connect ok Firefox embedded in rhel7.5 guest: connect ok ie11 installed in win7: connect ok
Verified per comment 7
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:1104