Re: [Qemu-devel] [PATCH] io: ignore case when matching websockets HTTP headers

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Daniel P. Berrange" <berrange@redhat.com>
To: "Denis V. Lunev" <den@virtuozzo.com>
Cc: qemu-devel@nongnu.org, Anton Nefedov <anton.nefedov@virtuozzo.com>
Subject: Re: [Qemu-devel] [PATCH] io: ignore case when matching websockets HTTP headers
Date: Tue, 28 Feb 2017 11:56:21 +0000	[thread overview]
Message-ID: <20170228115621.GB2720@redhat.com> (raw)
In-Reply-To: <ace8fc68-dd8c-81f6-872f-17798cce3609@virtuozzo.com>

On Tue, Feb 28, 2017 at 01:58:38PM +0300, Denis V. Lunev wrote:
> On 02/28/2017 01:54 PM, Denis V. Lunev wrote:
> > On 02/28/2017 01:48 PM, Daniel P. Berrange wrote:
> >> On Mon, Feb 27, 2017 at 08:14:56PM +0000, Daniel P. Berrange wrote:
> >>> According to RFC7230 Section 3.2, header field name is case-insensitive.
> >>> Convert the header data into all lowercase before doing string matching
> >>> on the headers.
> >>>
> >>> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> >>> ---
> >>>  io/channel-websock.c | 14 +++++++++-----
> >>>  1 file changed, 9 insertions(+), 5 deletions(-)
> >>>
> >>> diff --git a/io/channel-websock.c b/io/channel-websock.c
> >>> index a06a4a8..32b7f37 100644
> >>> --- a/io/channel-websock.c
> >>> +++ b/io/channel-websock.c
> >>> @@ -33,9 +33,9 @@
> >>>  #define QIO_CHANNEL_WEBSOCK_GUID "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"
> >>>  #define QIO_CHANNEL_WEBSOCK_GUID_LEN strlen(QIO_CHANNEL_WEBSOCK_GUID)
> >>>  
> >>> -#define QIO_CHANNEL_WEBSOCK_HEADER_PROTOCOL "Sec-WebSocket-Protocol"
> >>> -#define QIO_CHANNEL_WEBSOCK_HEADER_VERSION "Sec-WebSocket-Version"
> >>> -#define QIO_CHANNEL_WEBSOCK_HEADER_KEY "Sec-WebSocket-Key"
> >>> +#define QIO_CHANNEL_WEBSOCK_HEADER_PROTOCOL "sec-websocket-protocol"
> >>> +#define QIO_CHANNEL_WEBSOCK_HEADER_VERSION "sec-websocket-version"
> >>> +#define QIO_CHANNEL_WEBSOCK_HEADER_KEY "sec-websocket-key"
> >>>  
> >>>  #define QIO_CHANNEL_WEBSOCK_PROTOCOL_BINARY "binary"
> >>>  
> >>> @@ -223,7 +223,7 @@ static int qio_channel_websock_handshake_process(QIOChannelWebsock *ioc,
> >>>  static int qio_channel_websock_handshake_read(QIOChannelWebsock *ioc,
> >>>                                                Error **errp)
> >>>  {
> >>> -    char *handshake_end;
> >>> +    char *handshake_end, *tmp;
> >>>      ssize_t ret;
> >>>      /* Typical HTTP headers from novnc are 512 bytes, so limiting
> >>>       * total header size to 4096 is easily enough. */
> >>> @@ -249,9 +249,13 @@ static int qio_channel_websock_handshake_read(QIOChannelWebsock *ioc,
> >>>          }
> >>>      }
> >>>  
> >>> +    for (tmp = (char *)ioc->encinput.buffer; tmp < handshake_end; tmp++) {
> >>> +        *tmp = g_ascii_tolower(*tmp);
> >>> +    }
> >>> +
> >> self-nack - this does not in fact work - while it is fine to lowercase
> >> the header keys, we must not touch the header values as some data is
> >> case-sensitive
> >>
> >> Regards,
> >> Daniel
> > g-ascii-tolower() will help
> >
> > Den
> ah, sorry, wrong copy/paste. I meant 'g_ascii_strdown ()'

That would still lowercase both the key & value part of the headers.
We need to only lowercase the key, ie text between start of line
and first ':'. This requires properly parsing the HTTP header.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://entangle-photo.org       -o-    http://search.cpan.org/~danberr/ :|

     prev parent reply	other threads:[~2017-02-28 11:56 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-02-27 20:14 [Qemu-devel] [PATCH] io: ignore case when matching websockets HTTP headers Daniel P. Berrange
2017-02-27 21:20 ` Eric Blake
2017-02-28  7:29   ` Denis V. Lunev
2017-02-28 10:09   ` Daniel P. Berrange
2017-02-28 10:12     ` Denis V. Lunev
2017-02-27 21:28 ` no-reply
2017-02-28 10:48 ` Daniel P. Berrange
2017-02-28 10:54   ` Denis V. Lunev
2017-02-28 10:58     ` Denis V. Lunev
2017-02-28 11:56       ` Daniel P. Berrange [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170228115621.GB2720@redhat.com \
    --to=berrange@redhat.com \
    --cc=anton.nefedov@virtuozzo.com \
    --cc=den@virtuozzo.com \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.