From d5095fe98c3976673c19f433c0114d06dbd8de1b Mon Sep 17 00:00:00 2001 From: Damien Arrachequesne Date: Thu, 19 Sep 2024 12:05:38 +0200 Subject: [PATCH] fix(eio): prevent the client from upgrading twice (uws) Related: https://github.com/socketio/socket.io/issues/5066 --- packages/engine.io/lib/userver.ts | 6 +++--- packages/engine.io/test/server.js | 20 ++++++++++++++++++++ 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/packages/engine.io/lib/userver.ts b/packages/engine.io/lib/userver.ts index 6cef789bca..bbbb04d8ac 100644 --- a/packages/engine.io/lib/userver.ts +++ b/packages/engine.io/lib/userver.ts @@ -185,13 +185,13 @@ export class uServer extends BaseServer { const client = this.clients[id]; if (!client) { debug("upgrade attempt for closed client"); - res.close(); + return res.close(); } else if (client.upgrading) { debug("transport has already been trying to upgrade"); - res.close(); + return res.close(); } else if (client.upgraded) { debug("transport had already been upgraded"); - res.close(); + return res.close(); } else { debug("upgrading existing transport"); transport = this.createTransport(req._query.transport, req); diff --git a/packages/engine.io/test/server.js b/packages/engine.io/test/server.js index 898e53f673..1795b00bbc 100644 --- a/packages/engine.io/test/server.js +++ b/packages/engine.io/test/server.js @@ -205,6 +205,26 @@ describe("server", () => { }); }); + it("should prevent the client from upgrading twice", (done) => { + engine = listen((port) => { + const client = new ClientSocket(`ws://localhost:${port}`); + + client.on("upgrade", () => { + const socket = new WebSocket( + `ws://localhost:${port}/engine.io/?EIO=4&transport=websocket&sid=${client.id}`, + ); + + socket.on("error", () => {}); + + socket.on("close", () => { + client.close(); + + done(); + }); + }); + }); + }); + it("should disallow `__proto__` as transport (polling)", (done) => { const partialDone = createPartialDone(done, 2);