On 02/28/2017 01:09 PM, Daniel P. Berrange wrote:
> On Mon, Feb 27, 2017 at 03:20:37PM -0600, Eric Blake wrote:
>> On 02/27/2017 02:14 PM, Daniel P. Berrange wrote:
>>> According to RFC7230 Section 3.2, header field name is case-insensitive.
>>> Convert the header data into all lowercase before doing string matching
>>> on the headers.
>>>
>>> Signed-off-by: Daniel P. Berrange <berra...@redhat.com>
>>> ---
>>> io/channel-websock.c | 14 +++++++++-----
>>> 1 file changed, 9 insertions(+), 5 deletions(-)
>>>
>>> @@ -223,7 +223,7 @@ static int
>>> qio_channel_websock_handshake_process(QIOChannelWebsock *ioc,
>>> static int qio_channel_websock_handshake_read(QIOChannelWebsock *ioc,
>>> Error **errp)
>>> {
>>> - char *handshake_end;
>>> + char *handshake_end, *tmp;
>>> ssize_t ret;
>>> /* Typical HTTP headers from novnc are 512 bytes, so limiting
>>> * total header size to 4096 is easily enough. */
>> Drive-by grammar nit: s/easily/easy/
>>
>>> @@ -249,9 +249,13 @@ static int
>>> qio_channel_websock_handshake_read(QIOChannelWebsock *ioc,
>>> }
>>> }
>>>
>>> + for (tmp = (char *)ioc->encinput.buffer; tmp < handshake_end; tmp++) {
>>> + *tmp = g_ascii_tolower(*tmp);
>>> + }
>>> +
>>> if (qio_channel_websock_handshake_process(ioc,
>>> (char *)ioc->encinput.buffer,
>>> - ioc->encinput.offset,
>>> + handshake_end - (char
>>> *)ioc->encinput.buffer,
>> I'm not sure why this change is here; nothing else in the patch changed
>> ioc->encinput.offset.
> It is a related bug. The ioc->encinput buffer contains upto 4096
> bytes, but that data may cover both the header & payload. The
> handshake_end pointer refers to the end of the header region.
> So if we just pass encinput.offset, then handshake_process()
> will be searching part of the payload as well as the header.
> This might cause it do match the wrong data. I guess I should
> have made that clear in the commit, or even tput it in a
> separate commit
>
> Regards,
> Daniel
with this comment this is obviously correct :)
Reviewed-by: Denis V. Lunev <d...@openvz.org>
