From 6d2cd8a9934b7b97adbc27beaf517e4ea2790423 Mon Sep 17 00:00:00 2001
From: Shulhan <ms@kilabit.info>
Date: Mon, 11 Mar 2019 23:32:12 +0700
Subject: websocket: fix response code for fragmentation with invalid opcode

Connection without fragmentation with the first frame is CONT frame,
should be closed with bad-request (1002).

Connection with fragmentation but the next frame opcode is not CONT,
should be closed with bad-request (1002).
---
 lib/websocket/server.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/websocket/server.go b/lib/websocket/server.go
index ea8108da..51247af9 100644
--- a/lib/websocket/server.go
+++ b/lib/websocket/server.go
@@ -498,6 +498,7 @@ func (serv *Server) handleFragment(conn int, req *Frame) (isInvalid bool) {
 		// If a connection does not have continuous frame, then
 		// current frame opcode must not be 0.
 		if req.opcode == opcodeCont {
+			serv.handleBadRequest(conn)
 			return true
 		}
 		frames = new(Frames)
@@ -505,6 +506,7 @@ func (serv *Server) handleFragment(conn int, req *Frame) (isInvalid bool) {
 		// If a connection have continuous frame, the next frame
 		// opcode must be 0.
 		if req.opcode != opcodeCont {
+			serv.handleBadRequest(conn)
 			return true
 		}
 	}
@@ -526,6 +528,7 @@ func (serv *Server) handleFragment(conn int, req *Frame) (isInvalid bool) {
 
 	if frame.opcode == opcodeText {
 		if !utf8.Valid(frame.payload) {
+			serv.handleInvalidData(conn)
 			return true
 		}
 		serv.HandleText(conn, frame.payload)
@@ -832,7 +835,6 @@ func (serv *Server) reader() {
 				case opcodeCont, opcodeText, opcodeBin:
 					isInvalid := serv.handleFragment(conn, frame)
 					if isInvalid {
-						serv.handleInvalidData(conn)
 						isClosing = true
 					}
 				case opcodeDataRsv3, opcodeDataRsv4, opcodeDataRsv5, opcodeDataRsv6, opcodeDataRsv7:
-- 
cgit v1.3