[1/1] io: ignore case in WebSocket HTTP header #PSBM-57554
diff mbox

Message ID 1485782396-22341-1-git-send-email-den@openvz.org
State New
Headers show

Commit Message

Denis V. Lunev Jan. 30, 2017, 1:19 p.m. UTC
From: Anton Nefedov <anton.nefedov@virtuozzo.com>

According to RFC7230 Section 3.2, header field name is case-insensitive.

The haystack string length is limited by 4096 bytes by
qio_channel_websock_handshake_read().

Further, handshake_process() dups and NULL-terminates the string
so it is safe to call non length-limited functions like strcasestr().

Signed-off-by: Anton Nefedov <anton.nefedov@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Daniel P. Berrange <berrange@redhat.com>
---
 io/channel-websock.c | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)

Comments

Daniel P. Berrangé Jan. 30, 2017, 3:47 p.m. UTC | #1
What is #PSBM-57554 referring to ?  Is that some custom bug tracker
you have ? I'm going to drop that unless its something we need to
keep

On Mon, Jan 30, 2017 at 04:19:56PM +0300, Denis V. Lunev wrote:
> From: Anton Nefedov <anton.nefedov@virtuozzo.com>
> 
> According to RFC7230 Section 3.2, header field name is case-insensitive.
> 
> The haystack string length is limited by 4096 bytes by
> qio_channel_websock_handshake_read().
> 
> Further, handshake_process() dups and NULL-terminates the string
> so it is safe to call non length-limited functions like strcasestr().
> 
> Signed-off-by: Anton Nefedov <anton.nefedov@virtuozzo.com>
> Signed-off-by: Denis V. Lunev <den@openvz.org>
> CC: Daniel P. Berrange <berrange@redhat.com>
> ---
>  io/channel-websock.c | 25 ++++++++++++++-----------
>  1 file changed, 14 insertions(+), 11 deletions(-)

Reviewed-by: Daniel P. Berrange <berrange@redhat.com>

will add this to my io queue

Regards,
Daniel
Denis V. Lunev Jan. 30, 2017, 3:52 p.m. UTC | #2
On 01/30/2017 06:47 PM, Daniel P. Berrange wrote:
> What is #PSBM-57554 referring to ?  Is that some custom bug tracker
> you have ? I'm going to drop that unless its something we need to
> keep
it must be dropped. Sorry, this is my mistake.

Den


> On Mon, Jan 30, 2017 at 04:19:56PM +0300, Denis V. Lunev wrote:
>> From: Anton Nefedov <anton.nefedov@virtuozzo.com>
>>
>> According to RFC7230 Section 3.2, header field name is case-insensitive.
>>
>> The haystack string length is limited by 4096 bytes by
>> qio_channel_websock_handshake_read().
>>
>> Further, handshake_process() dups and NULL-terminates the string
>> so it is safe to call non length-limited functions like strcasestr().
>>
>> Signed-off-by: Anton Nefedov <anton.nefedov@virtuozzo.com>
>> Signed-off-by: Denis V. Lunev <den@openvz.org>
>> CC: Daniel P. Berrange <berrange@redhat.com>
>> ---
>>  io/channel-websock.c | 25 ++++++++++++++-----------
>>  1 file changed, 14 insertions(+), 11 deletions(-)
> Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
>
> will add this to my io queue
>
> Regards,
> Daniel
Daniel P. Berrangé Feb. 27, 2017, 8:11 p.m. UTC | #3
On Mon, Jan 30, 2017 at 04:19:56PM +0300, Denis V. Lunev wrote:
> From: Anton Nefedov <anton.nefedov@virtuozzo.com>
> 
> According to RFC7230 Section 3.2, header field name is case-insensitive.
> 
> The haystack string length is limited by 4096 bytes by
> qio_channel_websock_handshake_read().
> 
> Further, handshake_process() dups and NULL-terminates the string
> so it is safe to call non length-limited functions like strcasestr().
> 
> Signed-off-by: Anton Nefedov <anton.nefedov@virtuozzo.com>
> Signed-off-by: Denis V. Lunev <den@openvz.org>
> CC: Daniel P. Berrange <berrange@redhat.com>
> ---
>  io/channel-websock.c | 25 ++++++++++++++-----------
>  1 file changed, 14 insertions(+), 11 deletions(-)
> 
> diff --git a/io/channel-websock.c b/io/channel-websock.c
> index d5a4ed3..991925a 100644
> --- a/io/channel-websock.c
> +++ b/io/channel-websock.c
> @@ -108,18 +108,16 @@ enum {
>  };
>  
>  static char *qio_channel_websock_handshake_entry(const char *handshake,
> -                                                 size_t handshake_len,
>                                                   const char *name)
>  {
>      char *begin, *end, *ret = NULL;
>      char *line = g_strdup_printf("%s%s: ",
>                                   QIO_CHANNEL_WEBSOCK_HANDSHAKE_DELIM,
>                                   name);
> -    begin = g_strstr_len(handshake, handshake_len, line);
> +    begin = strcasestr(handshake, line);

So this turns out to break Windows builds since there's no strcasestr
on Mingw. There's no alternative that I know of in glib and I don't
fancy implementing a custom strcasestr() function. So I'm going to
drop this patch entirely, and copy you on an alternative fix that
simply converts the input data to lowercase before comparison. Would
appreciate if you can test my alternate patch with whatever client
you had problems with.

Regards,
Daniel
Denis V. Lunev Feb. 27, 2017, 8:13 p.m. UTC | #4
On 02/27/2017 11:11 PM, Daniel P. Berrange wrote:
> On Mon, Jan 30, 2017 at 04:19:56PM +0300, Denis V. Lunev wrote:
>> From: Anton Nefedov <anton.nefedov@virtuozzo.com>
>>
>> According to RFC7230 Section 3.2, header field name is case-insensitive.
>>
>> The haystack string length is limited by 4096 bytes by
>> qio_channel_websock_handshake_read().
>>
>> Further, handshake_process() dups and NULL-terminates the string
>> so it is safe to call non length-limited functions like strcasestr().
>>
>> Signed-off-by: Anton Nefedov <anton.nefedov@virtuozzo.com>
>> Signed-off-by: Denis V. Lunev <den@openvz.org>
>> CC: Daniel P. Berrange <berrange@redhat.com>
>> ---
>>  io/channel-websock.c | 25 ++++++++++++++-----------
>>  1 file changed, 14 insertions(+), 11 deletions(-)
>>
>> diff --git a/io/channel-websock.c b/io/channel-websock.c
>> index d5a4ed3..991925a 100644
>> --- a/io/channel-websock.c
>> +++ b/io/channel-websock.c
>> @@ -108,18 +108,16 @@ enum {
>>  };
>>  
>>  static char *qio_channel_websock_handshake_entry(const char *handshake,
>> -                                                 size_t handshake_len,
>>                                                   const char *name)
>>  {
>>      char *begin, *end, *ret = NULL;
>>      char *line = g_strdup_printf("%s%s: ",
>>                                   QIO_CHANNEL_WEBSOCK_HANDSHAKE_DELIM,
>>                                   name);
>> -    begin = g_strstr_len(handshake, handshake_len, line);
>> +    begin = strcasestr(handshake, line);
> So this turns out to break Windows builds since there's no strcasestr
> on Mingw. There's no alternative that I know of in glib and I don't
> fancy implementing a custom strcasestr() function. So I'm going to
> drop this patch entirely, and copy you on an alternative fix that
> simply converts the input data to lowercase before comparison. Would
> appreciate if you can test my alternate patch with whatever client
> you had problems with.
>
> Regards,
> Daniel
Sure!

Patch
diff mbox

diff --git a/io/channel-websock.c b/io/channel-websock.c
index d5a4ed3..991925a 100644
--- a/io/channel-websock.c
+++ b/io/channel-websock.c
@@ -108,18 +108,16 @@  enum {
 };
 
 static char *qio_channel_websock_handshake_entry(const char *handshake,
-                                                 size_t handshake_len,
                                                  const char *name)
 {
     char *begin, *end, *ret = NULL;
     char *line = g_strdup_printf("%s%s: ",
                                  QIO_CHANNEL_WEBSOCK_HANDSHAKE_DELIM,
                                  name);
-    begin = g_strstr_len(handshake, handshake_len, line);
+    begin = strcasestr(handshake, line);
     if (begin != NULL) {
         begin += strlen(line);
-        end = g_strstr_len(begin, handshake_len - (begin - handshake),
-                QIO_CHANNEL_WEBSOCK_HANDSHAKE_DELIM);
+        end = strstr(begin, QIO_CHANNEL_WEBSOCK_HANDSHAKE_DELIM);
         if (end != NULL) {
             ret = g_strndup(begin, end - begin);
         }
@@ -170,12 +168,14 @@  static int qio_channel_websock_handshake_process(QIOChannelWebsock *ioc,
                                                  Error **errp)
 {
     int ret = -1;
+    /* make it NULL-terminated */
+    char *handshake = g_strndup(line, size);
     char *protocols = qio_channel_websock_handshake_entry(
-        line, size, QIO_CHANNEL_WEBSOCK_HEADER_PROTOCOL);
+        handshake, QIO_CHANNEL_WEBSOCK_HEADER_PROTOCOL);
     char *version = qio_channel_websock_handshake_entry(
-        line, size, QIO_CHANNEL_WEBSOCK_HEADER_VERSION);
+        handshake, QIO_CHANNEL_WEBSOCK_HEADER_VERSION);
     char *key = qio_channel_websock_handshake_entry(
-        line, size, QIO_CHANNEL_WEBSOCK_HEADER_KEY);
+        handshake, QIO_CHANNEL_WEBSOCK_HEADER_KEY);
 
     if (!protocols) {
         error_setg(errp, "Missing websocket protocol header data");
@@ -213,6 +213,7 @@  static int qio_channel_websock_handshake_process(QIOChannelWebsock *ioc,
     ret = qio_channel_websock_handshake_send_response(ioc, key, errp);
 
  cleanup:
+    g_free(handshake);
     g_free(protocols);
     g_free(version);
     g_free(key);
@@ -248,10 +249,12 @@  static int qio_channel_websock_handshake_read(QIOChannelWebsock *ioc,
         }
     }
 
-    if (qio_channel_websock_handshake_process(ioc,
-                                              (char *)ioc->encinput.buffer,
-                                              ioc->encinput.offset,
-                                              errp) < 0) {
+    if (qio_channel_websock_handshake_process(
+            ioc,
+            (char *)ioc->encinput.buffer,
+            handshake_end - (char *)ioc->encinput.buffer
+            + strlen(QIO_CHANNEL_WEBSOCK_HANDSHAKE_END),
+            errp) < 0) {
         return -1;
     }