Fix WebSocket masking issue in VNC connections

- Added retry logic with partial write handling to ws_send_binary_frame() - Prevents WebSocket frame corruption during large VNC data transmission - Fixes 'server must not mask frames' error in noVNC browser connections - ws_send_binary_frame now handles SSL write interruptions properly

Fix WebSocket masking issue in VNC connections
- Added retry logic with partial write handling to ws_send_binary_frame() - Prevents WebSocket frame corruption during large VNC data transmission - Fixes 'server must not mask frames' error in noVNC browser connections - ws_send_binary_frame now handles SSL write interruptions properly
b6d4fdb0 · Stefy Lanza (nextime / spora ) · f141f3ab · b6d4fdb0
Commit b6d4fdb0 authored Sep 23, 2025 by Stefy Lanza (nextime / spora )
Hide whitespace changes
Inline Side-by-side

Showing with 33 additions and 7 deletions

websocket_protocol.c wssshd2/websocket_protocol.c +33 -7

No files found.
--- a/wssshd2/websocket_protocol.c
+++ b/wssshd2/websocket_protocol.c
@@ -538,8 +538,8 @@ bool ws_send_binary_frame(ws_connection_t *conn, const void *data, size_t len) {
        return false;
    }

-    // Simple WebSocket binary frame construction for VNC
-    // No masking (server-to-client), no complex retry logic
+    // WebSocket binary frame construction for VNC
+    // No masking (server-to-client), with retry logic for partial writes
    size_t header_len = 2;
    if (len >= 126) {
        if (len < 65536) {
@@ -578,12 +578,38 @@ bool ws_send_binary_frame(ws_connection_t *conn, const void *data, size_t len) {
        memcpy(frame + header_len, data, len);
    }

-    // Send frame
+    // Send frame with partial write handling and retry logic
    int total_written = 0;
-    if (conn->ssl) {
-        total_written = SSL_write(conn->ssl, frame, frame_len);
-    } else {
-        total_written = write(conn->sock_fd, frame, frame_len);
+    int retry_count = 0;
+    const int max_retries = 5;
+
+    while (total_written < (int)frame_len && retry_count < max_retries) {
+        int to_write = frame_len - total_written;
+        int written;
+        if (conn->ssl) {
+            written = SSL_write(conn->ssl, frame + total_written, to_write);
+            if (written <= 0) {
+                int ssl_error = SSL_get_error(conn->ssl, written);
+                // Check for recoverable SSL errors
+                if ((ssl_error == SSL_ERROR_WANT_READ || ssl_error == SSL_ERROR_WANT_WRITE ||
+                     ssl_error == SSL_ERROR_SSL || ssl_error == SSL_ERROR_SYSCALL) && retry_count < max_retries - 1) {
+                    retry_count++;
+                    usleep(10000 * (1 << retry_count)); // Exponential backoff
+                    continue;
+                } else {
+                    free(frame);
+                    return false;
+                }
+            }
+        } else {
+            written = write(conn->sock_fd, frame + total_written, to_write);
+            if (written <= 0) {
+                free(frame);
+                return false;
+            }
+        }
+        total_written += written;
+        retry_count = 0; // Reset retry count on successful write
    }

    free(frame);