From d798068a0816a66b80b8096aa77212468c0155c4 Mon Sep 17 00:00:00 2001
From: Fabio Alessandrelli
Date: Fri, 20 Dec 2024 05:04:22 +0100
Subject: [PATCH] [WS] Fix wslay multi-frame message parsing
The wslay library, somehow unintuitively, will call the frame recv end callback for control frames. This has the side effect that while receiving a long message (i.e. a multi-frame message), if a control frame (e.g. a ping or pong) is received it may seem that a FIN frame has been received, resulting in the current code truncating the message. To avoid this, this commit now ignores the frame recv end callback, and instead rely on the msg recv callback where we can check the opcode, and is guaranteed to be called only when the FIN frame is received for text and binary frames.
---
 modules/websocket/wsl_peer.cpp | 22 +++++++++-------------
 modules/websocket/wsl_peer.h | 1 -
 2 files changed, 9 insertions(+), 14 deletions(-)
diff --git a/modules/websocket/wsl_peer.cpp b/modules/websocket/wsl_peer.cpp
index 81e56735831..9ffc343571e 100644
--- a/modules/websocket/wsl_peer.cpp
+++ b/modules/websocket/wsl_peer.cpp
@@ -611,17 +611,6 @@ void WSLPeer::_wsl_frame_recv_chunk_callback(wslay_event_context_ptr ctx, const
 }
 }
-void WSLPeer::_wsl_frame_recv_end_callback(wslay_event_context_ptr ctx, void *user_data) {
- WSLPeer *peer = (WSLPeer *)user_data;
- PendingMessage &pm = peer->pending_message;
- if (pm.opcode != 0) {
- // Only write the packet (since it's now completed).
- uint8_t is_string = pm.opcode == WSLAY_TEXT_FRAME ? 1 : 0;
- peer->in_buffer.write_packet(nullptr, pm.payload_size, &is_string);
- pm.clear();
- }
-}
-
 ssize_t WSLPeer::_wsl_send_callback(wslay_event_context_ptr ctx, const uint8_t *data, size_t len, int flags, void *user_data) {
 WSLPeer *peer = (WSLPeer *)user_data;
 Ref conn = peer->connection;
@@ -669,8 +658,15 @@ void WSLPeer::_wsl_msg_recv_callback(wslay_event_context_ptr ctx, const struct w
 if (op == WSLAY_PONG) {
 peer->heartbeat_waiting = false;
+ } else if (op == WSLAY_TEXT_FRAME || op == WSLAY_BINARY_FRAME) {
+ PendingMessage &pm = peer->pending_message;
+ ERR_FAIL_COND(pm.opcode != op);
+ // Only write the packet (since it's now completed).
+ uint8_t is_string = pm.opcode == WSLAY_TEXT_FRAME ? 1 : 0;
+ peer->in_buffer.write_packet(nullptr, pm.payload_size, &is_string);
+ pm.clear();
 }
- // Ping, or message (already parsed in chunks).
+ // Ping.
 }
 wslay_event_callbacks WSLPeer::_wsl_callbacks = {
@@ -679,7 +675,7 @@ wslay_event_callbacks WSLPeer::_wsl_callbacks = {
 _wsl_genmask_callback,
 _wsl_recv_start_callback,
 _wsl_frame_recv_chunk_callback,
- _wsl_frame_recv_end_callback,
+ nullptr,
 _wsl_msg_recv_callback
 };
diff --git a/modules/websocket/wsl_peer.h b/modules/websocket/wsl_peer.h
index 45cca48224d..cd874365bcf 100644
--- a/modules/websocket/wsl_peer.h
+++ b/modules/websocket/wsl_peer.h
@@ -55,7 +55,6 @@ private:
 static ssize_t _wsl_recv_callback(wslay_event_context_ptr ctx, uint8_t *data, size_t len, int flags, void *user_data);
 static void _wsl_recv_start_callback(wslay_event_context_ptr ctx, const struct wslay_event_on_frame_recv_start_arg *arg, void *user_data);
 static void _wsl_frame_recv_chunk_callback(wslay_event_context_ptr ctx, const struct wslay_event_on_frame_recv_chunk_arg *arg, void *user_data);
- static void _wsl_frame_recv_end_callback(wslay_event_context_ptr ctx, void *user_data);
 static ssize_t _wsl_send_callback(wslay_event_context_ptr ctx, const uint8_t *data, size_t len, int flags, void *user_data);
 static int _wsl_genmask_callback(wslay_event_context_ptr ctx, uint8_t *buf, size_t len, void *user_data);
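Review bot: In the new `WSLAY_TEXT_FRAME`/`WSLAY_BINARY_FRAME` branch of `_wsl_msg_recv_callback` (hunk `@@ -669,8 +658,15 @@`), `ERR_FAIL_COND(pm.opcode != op);` returns before `pm.clear()`, so on a mismatch the pending-message state is left untouched and nothing finalizes or discards the payload that the chunk callback has presumably already placed in `in_buffer`. Because the frame sequence is dictated by the remote peer, this path should fail closed: reset the state before bailing out, e.g. `if (pm.opcode != op) { pm.clear(); ERR_FAIL_MSG("Unexpected opcode for completed message."); }`, and decide whether the partial payload must also be dropped or the connection closed. The result of `write_packet` is likewise unchecked (carried over from the removed callback), so if that call can report failure, a full input buffer would go unnoticed here. The start of the function, where `op` and `peer` are set, lies outside the hunk.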
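Review bot: The bare `nullptr` in the positional `_wsl_callbacks` initializer (hunk `@@ -679,7 +675,7 @@`) gives no hint which slot is deliberately left empty, and a later insertion or reorder would silently shift the remaining callbacks. A trailing comment would document the intent: `nullptr, // on_frame_recv_end_callback: unused, it also fires for control frames; completion is handled in _wsl_msg_recv_callback.` The first entries of the initializer are above the hunk.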