From: "Daniel P. Berrange" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Denis V. Lunev" <den@openvz.org>,
Anton Nefedov <anton.nefedov@virtuozzo.com>
Subject: Re: [Qemu-devel] [PATCH] io: ignore case when matching websockets HTTP headers
Date: Tue, 28 Feb 2017 10:48:28 +0000 [thread overview]
Message-ID: <20170228104828.GA2720@redhat.com> (raw)
In-Reply-To: <20170227201456.31814-1-berrange@redhat.com>
On Mon, Feb 27, 2017 at 08:14:56PM +0000, Daniel P. Berrange wrote:
> According to RFC7230 Section 3.2, header field name is case-insensitive.
> Convert the header data into all lowercase before doing string matching
> on the headers.
>
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> ---
> io/channel-websock.c | 14 +++++++++-----
> 1 file changed, 9 insertions(+), 5 deletions(-)
>
> diff --git a/io/channel-websock.c b/io/channel-websock.c
> index a06a4a8..32b7f37 100644
> --- a/io/channel-websock.c
> +++ b/io/channel-websock.c
> @@ -33,9 +33,9 @@
> #define QIO_CHANNEL_WEBSOCK_GUID "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"
> #define QIO_CHANNEL_WEBSOCK_GUID_LEN strlen(QIO_CHANNEL_WEBSOCK_GUID)
>
> -#define QIO_CHANNEL_WEBSOCK_HEADER_PROTOCOL "Sec-WebSocket-Protocol"
> -#define QIO_CHANNEL_WEBSOCK_HEADER_VERSION "Sec-WebSocket-Version"
> -#define QIO_CHANNEL_WEBSOCK_HEADER_KEY "Sec-WebSocket-Key"
> +#define QIO_CHANNEL_WEBSOCK_HEADER_PROTOCOL "sec-websocket-protocol"
> +#define QIO_CHANNEL_WEBSOCK_HEADER_VERSION "sec-websocket-version"
> +#define QIO_CHANNEL_WEBSOCK_HEADER_KEY "sec-websocket-key"
>
> #define QIO_CHANNEL_WEBSOCK_PROTOCOL_BINARY "binary"
>
> @@ -223,7 +223,7 @@ static int qio_channel_websock_handshake_process(QIOChannelWebsock *ioc,
> static int qio_channel_websock_handshake_read(QIOChannelWebsock *ioc,
> Error **errp)
> {
> - char *handshake_end;
> + char *handshake_end, *tmp;
> ssize_t ret;
> /* Typical HTTP headers from novnc are 512 bytes, so limiting
> * total header size to 4096 is easily enough. */
> @@ -249,9 +249,13 @@ static int qio_channel_websock_handshake_read(QIOChannelWebsock *ioc,
> }
> }
>
> + for (tmp = (char *)ioc->encinput.buffer; tmp < handshake_end; tmp++) {
> + *tmp = g_ascii_tolower(*tmp);
> + }
> +
self-nack - this does not in fact work - while it is fine to lowercase
the header keys, we must not touch the header values as some data is
case-sensitive
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://entangle-photo.org -o- http://search.cpan.org/~danberr/ :|
next prev parent reply other threads:[~2017-02-28 10:48 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-27 20:14 [Qemu-devel] [PATCH] io: ignore case when matching websockets HTTP headers Daniel P. Berrange
2017-02-27 21:20 ` Eric Blake
2017-02-28 7:29 ` Denis V. Lunev
2017-02-28 10:09 ` Daniel P. Berrange
2017-02-28 10:12 ` Denis V. Lunev
2017-02-27 21:28 ` no-reply
2017-02-28 10:48 ` Daniel P. Berrange [this message]
2017-02-28 10:54 ` Denis V. Lunev
2017-02-28 10:58 ` Denis V. Lunev
2017-02-28 11:56 ` Daniel P. Berrange
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170228104828.GA2720@redhat.com \
--to=berrange@redhat.com \
--cc=anton.nefedov@virtuozzo.com \
--cc=den@openvz.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.