* [Qemu-devel] [PATCH 1/1] io: ignore case in WebSocket HTTP header #PSBM-57554
@ 2017-01-30 13:19 Denis V. Lunev
2017-01-30 15:47 ` Daniel P. Berrange
2017-02-27 20:11 ` Daniel P. Berrange
0 siblings, 2 replies; 5+ messages in thread
From: Denis V. Lunev @ 2017-01-30 13:19 UTC (permalink / raw)
To: qemu-devel; +Cc: Anton Nefedov, Denis V . Lunev, Daniel P . Berrange
From: Anton Nefedov <anton.nefedov@virtuozzo.com>
According to RFC7230 Section 3.2, header field name is case-insensitive.
The haystack string length is limited by 4096 bytes by
qio_channel_websock_handshake_read().
Further, handshake_process() dups and NULL-terminates the string
so it is safe to call non length-limited functions like strcasestr().
Signed-off-by: Anton Nefedov <anton.nefedov@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Daniel P. Berrange <berrange@redhat.com>
---
io/channel-websock.c | 25 ++++++++++++++-----------
1 file changed, 14 insertions(+), 11 deletions(-)
diff --git a/io/channel-websock.c b/io/channel-websock.c
index d5a4ed3..991925a 100644
--- a/io/channel-websock.c
+++ b/io/channel-websock.c
@@ -108,18 +108,16 @@ enum {
};
static char *qio_channel_websock_handshake_entry(const char *handshake,
- size_t handshake_len,
const char *name)
{
char *begin, *end, *ret = NULL;
char *line = g_strdup_printf("%s%s: ",
QIO_CHANNEL_WEBSOCK_HANDSHAKE_DELIM,
name);
- begin = g_strstr_len(handshake, handshake_len, line);
+ begin = strcasestr(handshake, line);
if (begin != NULL) {
begin += strlen(line);
- end = g_strstr_len(begin, handshake_len - (begin - handshake),
- QIO_CHANNEL_WEBSOCK_HANDSHAKE_DELIM);
+ end = strstr(begin, QIO_CHANNEL_WEBSOCK_HANDSHAKE_DELIM);
if (end != NULL) {
ret = g_strndup(begin, end - begin);
}
@@ -170,12 +168,14 @@ static int qio_channel_websock_handshake_process(QIOChannelWebsock *ioc,
Error **errp)
{
int ret = -1;
+ /* make it NULL-terminated */
+ char *handshake = g_strndup(line, size);
char *protocols = qio_channel_websock_handshake_entry(
- line, size, QIO_CHANNEL_WEBSOCK_HEADER_PROTOCOL);
+ handshake, QIO_CHANNEL_WEBSOCK_HEADER_PROTOCOL);
char *version = qio_channel_websock_handshake_entry(
- line, size, QIO_CHANNEL_WEBSOCK_HEADER_VERSION);
+ handshake, QIO_CHANNEL_WEBSOCK_HEADER_VERSION);
char *key = qio_channel_websock_handshake_entry(
- line, size, QIO_CHANNEL_WEBSOCK_HEADER_KEY);
+ handshake, QIO_CHANNEL_WEBSOCK_HEADER_KEY);
if (!protocols) {
error_setg(errp, "Missing websocket protocol header data");
@@ -213,6 +213,7 @@ static int qio_channel_websock_handshake_process(QIOChannelWebsock *ioc,
ret = qio_channel_websock_handshake_send_response(ioc, key, errp);
cleanup:
+ g_free(handshake);
g_free(protocols);
g_free(version);
g_free(key);
@@ -248,10 +249,12 @@ static int qio_channel_websock_handshake_read(QIOChannelWebsock *ioc,
}
}
- if (qio_channel_websock_handshake_process(ioc,
- (char *)ioc->encinput.buffer,
- ioc->encinput.offset,
- errp) < 0) {
+ if (qio_channel_websock_handshake_process(
+ ioc,
+ (char *)ioc->encinput.buffer,
+ handshake_end - (char *)ioc->encinput.buffer
+ + strlen(QIO_CHANNEL_WEBSOCK_HANDSHAKE_END),
+ errp) < 0) {
return -1;
}
--
2.7.4
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [Qemu-devel] [PATCH 1/1] io: ignore case in WebSocket HTTP header #PSBM-57554
2017-01-30 13:19 [Qemu-devel] [PATCH 1/1] io: ignore case in WebSocket HTTP header #PSBM-57554 Denis V. Lunev
@ 2017-01-30 15:47 ` Daniel P. Berrange
2017-01-30 15:52 ` Denis V. Lunev
2017-02-27 20:11 ` Daniel P. Berrange
1 sibling, 1 reply; 5+ messages in thread
From: Daniel P. Berrange @ 2017-01-30 15:47 UTC (permalink / raw)
To: Denis V. Lunev; +Cc: qemu-devel, Anton Nefedov
What is #PSBM-57554 referring to ? Is that some custom bug tracker
you have ? I'm going to drop that unless its something we need to
keep
On Mon, Jan 30, 2017 at 04:19:56PM +0300, Denis V. Lunev wrote:
> From: Anton Nefedov <anton.nefedov@virtuozzo.com>
>
> According to RFC7230 Section 3.2, header field name is case-insensitive.
>
> The haystack string length is limited by 4096 bytes by
> qio_channel_websock_handshake_read().
>
> Further, handshake_process() dups and NULL-terminates the string
> so it is safe to call non length-limited functions like strcasestr().
>
> Signed-off-by: Anton Nefedov <anton.nefedov@virtuozzo.com>
> Signed-off-by: Denis V. Lunev <den@openvz.org>
> CC: Daniel P. Berrange <berrange@redhat.com>
> ---
> io/channel-websock.c | 25 ++++++++++++++-----------
> 1 file changed, 14 insertions(+), 11 deletions(-)
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
will add this to my io queue
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://entangle-photo.org -o- http://search.cpan.org/~danberr/ :|
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Qemu-devel] [PATCH 1/1] io: ignore case in WebSocket HTTP header #PSBM-57554
2017-01-30 15:47 ` Daniel P. Berrange
@ 2017-01-30 15:52 ` Denis V. Lunev
0 siblings, 0 replies; 5+ messages in thread
From: Denis V. Lunev @ 2017-01-30 15:52 UTC (permalink / raw)
To: Daniel P. Berrange; +Cc: qemu-devel, Anton Nefedov
On 01/30/2017 06:47 PM, Daniel P. Berrange wrote:
> What is #PSBM-57554 referring to ? Is that some custom bug tracker
> you have ? I'm going to drop that unless its something we need to
> keep
it must be dropped. Sorry, this is my mistake.
Den
> On Mon, Jan 30, 2017 at 04:19:56PM +0300, Denis V. Lunev wrote:
>> From: Anton Nefedov <anton.nefedov@virtuozzo.com>
>>
>> According to RFC7230 Section 3.2, header field name is case-insensitive.
>>
>> The haystack string length is limited by 4096 bytes by
>> qio_channel_websock_handshake_read().
>>
>> Further, handshake_process() dups and NULL-terminates the string
>> so it is safe to call non length-limited functions like strcasestr().
>>
>> Signed-off-by: Anton Nefedov <anton.nefedov@virtuozzo.com>
>> Signed-off-by: Denis V. Lunev <den@openvz.org>
>> CC: Daniel P. Berrange <berrange@redhat.com>
>> ---
>> io/channel-websock.c | 25 ++++++++++++++-----------
>> 1 file changed, 14 insertions(+), 11 deletions(-)
> Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
>
> will add this to my io queue
>
> Regards,
> Daniel
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Qemu-devel] [PATCH 1/1] io: ignore case in WebSocket HTTP header #PSBM-57554
2017-01-30 13:19 [Qemu-devel] [PATCH 1/1] io: ignore case in WebSocket HTTP header #PSBM-57554 Denis V. Lunev
2017-01-30 15:47 ` Daniel P. Berrange
@ 2017-02-27 20:11 ` Daniel P. Berrange
2017-02-27 20:13 ` Denis V. Lunev
1 sibling, 1 reply; 5+ messages in thread
From: Daniel P. Berrange @ 2017-02-27 20:11 UTC (permalink / raw)
To: Denis V. Lunev; +Cc: qemu-devel, Anton Nefedov
On Mon, Jan 30, 2017 at 04:19:56PM +0300, Denis V. Lunev wrote:
> From: Anton Nefedov <anton.nefedov@virtuozzo.com>
>
> According to RFC7230 Section 3.2, header field name is case-insensitive.
>
> The haystack string length is limited by 4096 bytes by
> qio_channel_websock_handshake_read().
>
> Further, handshake_process() dups and NULL-terminates the string
> so it is safe to call non length-limited functions like strcasestr().
>
> Signed-off-by: Anton Nefedov <anton.nefedov@virtuozzo.com>
> Signed-off-by: Denis V. Lunev <den@openvz.org>
> CC: Daniel P. Berrange <berrange@redhat.com>
> ---
> io/channel-websock.c | 25 ++++++++++++++-----------
> 1 file changed, 14 insertions(+), 11 deletions(-)
>
> diff --git a/io/channel-websock.c b/io/channel-websock.c
> index d5a4ed3..991925a 100644
> --- a/io/channel-websock.c
> +++ b/io/channel-websock.c
> @@ -108,18 +108,16 @@ enum {
> };
>
> static char *qio_channel_websock_handshake_entry(const char *handshake,
> - size_t handshake_len,
> const char *name)
> {
> char *begin, *end, *ret = NULL;
> char *line = g_strdup_printf("%s%s: ",
> QIO_CHANNEL_WEBSOCK_HANDSHAKE_DELIM,
> name);
> - begin = g_strstr_len(handshake, handshake_len, line);
> + begin = strcasestr(handshake, line);
So this turns out to break Windows builds since there's no strcasestr
on Mingw. There's no alternative that I know of in glib and I don't
fancy implementing a custom strcasestr() function. So I'm going to
drop this patch entirely, and copy you on an alternative fix that
simply converts the input data to lowercase before comparison. Would
appreciate if you can test my alternate patch with whatever client
you had problems with.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://entangle-photo.org -o- http://search.cpan.org/~danberr/ :|
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Qemu-devel] [PATCH 1/1] io: ignore case in WebSocket HTTP header #PSBM-57554
2017-02-27 20:11 ` Daniel P. Berrange
@ 2017-02-27 20:13 ` Denis V. Lunev
0 siblings, 0 replies; 5+ messages in thread
From: Denis V. Lunev @ 2017-02-27 20:13 UTC (permalink / raw)
To: Daniel P. Berrange; +Cc: qemu-devel, Anton Nefedov
On 02/27/2017 11:11 PM, Daniel P. Berrange wrote:
> On Mon, Jan 30, 2017 at 04:19:56PM +0300, Denis V. Lunev wrote:
>> From: Anton Nefedov <anton.nefedov@virtuozzo.com>
>>
>> According to RFC7230 Section 3.2, header field name is case-insensitive.
>>
>> The haystack string length is limited by 4096 bytes by
>> qio_channel_websock_handshake_read().
>>
>> Further, handshake_process() dups and NULL-terminates the string
>> so it is safe to call non length-limited functions like strcasestr().
>>
>> Signed-off-by: Anton Nefedov <anton.nefedov@virtuozzo.com>
>> Signed-off-by: Denis V. Lunev <den@openvz.org>
>> CC: Daniel P. Berrange <berrange@redhat.com>
>> ---
>> io/channel-websock.c | 25 ++++++++++++++-----------
>> 1 file changed, 14 insertions(+), 11 deletions(-)
>>
>> diff --git a/io/channel-websock.c b/io/channel-websock.c
>> index d5a4ed3..991925a 100644
>> --- a/io/channel-websock.c
>> +++ b/io/channel-websock.c
>> @@ -108,18 +108,16 @@ enum {
>> };
>>
>> static char *qio_channel_websock_handshake_entry(const char *handshake,
>> - size_t handshake_len,
>> const char *name)
>> {
>> char *begin, *end, *ret = NULL;
>> char *line = g_strdup_printf("%s%s: ",
>> QIO_CHANNEL_WEBSOCK_HANDSHAKE_DELIM,
>> name);
>> - begin = g_strstr_len(handshake, handshake_len, line);
>> + begin = strcasestr(handshake, line);
> So this turns out to break Windows builds since there's no strcasestr
> on Mingw. There's no alternative that I know of in glib and I don't
> fancy implementing a custom strcasestr() function. So I'm going to
> drop this patch entirely, and copy you on an alternative fix that
> simply converts the input data to lowercase before comparison. Would
> appreciate if you can test my alternate patch with whatever client
> you had problems with.
>
> Regards,
> Daniel
Sure!
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2017-02-27 20:28 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-01-30 13:19 [Qemu-devel] [PATCH 1/1] io: ignore case in WebSocket HTTP header #PSBM-57554 Denis V. Lunev
2017-01-30 15:47 ` Daniel P. Berrange
2017-01-30 15:52 ` Denis V. Lunev
2017-02-27 20:11 ` Daniel P. Berrange
2017-02-27 20:13 ` Denis V. Lunev
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.