RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1518649 - Client compatibility flaws in VNC websockets server
Summary: Client compatibility flaws in VNC websockets server
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: qemu-kvm-rhev
Version: 7.5
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: rc
: ---
Assignee: Daniel Berrangé
QA Contact: Guo, Zhiyi
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-11-29 12:03 UTC by Daniel Berrangé
Modified: 2018-04-11 00:51 UTC (History)
6 users (show)

Fixed In Version: qemu-kvm-rhev-2.10.0-14.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-04-11 00:49:36 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:1104 0 None None None 2018-04-11 00:51:20 UTC

Description Daniel Berrangé 2017-11-29 12:03:10 UTC 
Description of problem:
QEMU's built-in VNC websockets server got stricter validation of HTTP requests added in 2.9.0, but while well-intentioned the validation was too strict. In particular it did not do case-insensitive header value checks, and didn't cope with certain headers having multiple values.

This broke compatibility with a number of websockets clients.

Version-Release number of selected component (if applicable):
qemu-kvm-rhev-2.10.0-9.el7

How reproducible:
Some noVNC / web browser combinations only

Steps to Reproduce:
1. Run  qemu-kvm -vnc 0.0.0.0:1,websockets=5800
2. Install an apache server, serving a HTML page with the noVNC client embedded 
3. Attempt to connect to QEMU's websockets server on port 5800

Actual results:
Some browsers, particularly IE 11 might fail to connect

Expected results:
ALl browser successfully connect to the websockets server

Additional info:
Comment 2 Daniel Berrangé 2017-11-29 13:05:56 UTC 
The problems are fixed upstream in 2.11 by

52aa5644e8e89ebfc3b1d0abdb7cc502ce9db599 io: Add missing GCC_FMT_ATTR (fix -Werror=suggest-attribute=format)
7fc3fcefe2fc5966c6aa1ef4f10e9740d8d73bf2 io: fix mem leak in websock error path
0efd6c9ec19a1ea6c413424fbea54e1dfe471026 io: add trace points for websocket HTTP protocol headers
6d5d23b00709510d55711661c7ca41408fd9934e io: cope with websock 'Connection' header having multiple values
8dfd5f96515ca20c4eb109cb0ee28e2bb32fc505 io: get rid of bounce buffering in websock write path
fb74e5903914b9ec8c80b6f7a35da000f9f92ae7 io: pass a struct iovec into qio_channel_websock_encode
bac6c95415788c03590542eb244c723a18d0771c io: get rid of qio_channel_websock_encode helper method
57b0cdf152b7266e68bfa3e84635d4bdb64ef2cd io: simplify websocket ping reply handling
a7b20a8efa28e5f22c26c06cd06c2f12bc863493 io: monitor encoutput buffer size from websocket GSource
530ca60c16c83435d4becc9916d74fa43e003815 io: Attempt to send websocket close messages to client
268a53f50de795481dd73ffd0e0c1339ad3dc44b io: Reply to ping frames
01af17fc002414ee1ac0800babfb0edc2bef1a7d io: Ignore websocket PING and PONG frames
3a29640e2cbae9d47b89ffaf98ed358920eb6797 io: Allow empty websocket payload
ff1300e626949fa9850b0f91dc5e8c2cb45b6a88 io: Add support for fragmented websocket binary frames
eefa3d8ef649f9055611361e2201cca49f8c3433 io: Small updates in preparation for websocket changes
33badfd1e3735b877e41939100511c65572be6b9 io: use case insensitive check for Connection & Upgrade websock headers
3a3f8705962c8c8a47a9b981ffd5aab7274ad508 io: include full error message in websocket handshake trace
f69a8bde29354493ff8aea64cc9cb3b531d16337 io: send proper HTTP response for websocket errors
Comment 5 Miroslav Rezanina 2018-01-02 14:19:00 UTC 
Fix included in qemu-kvm-rhev-2.10.0-14.el7
Comment 7 Guo, Zhiyi 2018-01-17 07:23:10 UTC 
Test against buggy qemu-kvm-rhev-2.10.0-13.el7.x86_64:

steps:
1. launch qemu with vnc and websocket:
/usr/libexec/qemu-kvm -vnc :0,websocket=5701
2. Install a httpd, go to /var/www/html/, git clone https://github.com/novnc/noVNC.git, go to noVNC/ , copy vnc.html to index.html
3. access host_ip in a browser to use noVNC client, configure client WebSocket port to 5701, use empty path, then click connect button

Test broswers:
ie11 embedded in win10: connect ok
chrome installed in win10: connect ok
Edge embedded in win10: connect ok
Firefox embedded in rhel7.5 guest: connect ok
ie11 installed in win7: connect fail

Test against fixed qemu-kvm-rhev-2.10.0-16.el7.x86_64

Test broswers:
ie11 embedded in win10: connect ok
chrome installed in win10: connect ok
Edge embedded in win10: connect ok
Firefox embedded in rhel7.5 guest: connect ok
ie11 installed in win7: connect ok
Comment 8 Guo, Zhiyi 2018-01-17 07:23:41 UTC 
Verified per comment 7
Comment 11 errata-xmlrpc 2018-04-11 00:49:36 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:1104
Note You need to log in before you can comment on or make changes to this bug.