Re: [Qemu-devel] [PATCH v1 6/7] io: cope with websock 'Connection' header having multiple values

["Daniel P. Berrange" <berrange@redhat.com>]

On Tue, Oct 10, 2017 at 12:42:55PM -0500, Eric Blake wrote:
> On 10/10/2017 10:43 AM, Daniel P. Berrange wrote:
> > The noVNC server sends a header "Connection: keep-alive, Upgrade" which
> > fails our simple equality test. Split the header on ',', trim whitespace
> > and then check for 'upgrade' token.
> > 
> > Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> > ---
> >  io/channel-websock.c | 14 +++++++++++++-
> >  1 file changed, 13 insertions(+), 1 deletion(-)
> > 
> 
> > @@ -440,7 +443,16 @@ static void qio_channel_websock_handshake_process(QIOChannelWebsock *ioc,
> >          goto bad_request;
> >      }
> >  
> > -    if (strcasecmp(connection, QIO_CHANNEL_WEBSOCK_CONNECTION_UPGRADE) != 0) {
> 
> My first thought was whether you could just use strcasestr() instead of
> strcasecmp(), rather than the malloc overhead of g_strsplit().  But that
> would treat "noUpgradeGarbage" as success, making your approach a bit
> stricter.

Also note that when reading HTTP headers we've already limited max data
size to 4k for the entire HTTP header set. So we're doing g_strsplit
over a pretty short piece of data, so negligible perf implications
of that.

> 
> Reviewed-by: Eric Blake <eblake@redhat.com>

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|