Message ID | 20170908103011.25821-4-berrange@redhat.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Hi Daniel, On 09/08/2017 07:30 AM, Daniel P. Berrange wrote: > When checking the value of the Connection and Upgrade HTTP headers > the websock RFC (6455) requires the comparison to be case insensitive. > The Connection value should be an exact match not a substring. > > Reviewed-by: Eric Blake <eblake@redhat.com> > Signed-off-by: Daniel P. Berrange <berrange@redhat.com> > --- > io/channel-websock.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/io/channel-websock.c b/io/channel-websock.c > index aed7a6c9b3..ab332ec907 100644 > --- a/io/channel-websock.c > +++ b/io/channel-websock.c > @@ -427,12 +427,12 @@ static void qio_channel_websock_handshake_process(QIOChannelWebsock *ioc, > goto bad_request; > } > > - if (!g_strrstr(connection, QIO_CHANNEL_WEBSOCK_CONNECTION_UPGRADE)) { > + if (strcasecmp(connection, QIO_CHANNEL_WEBSOCK_CONNECTION_UPGRADE) != 0) { Why not use g_ascii_strcasecmp() ? > error_setg(errp, "No connection upgrade requested '%s'", connection); > goto bad_request; > } > > - if (!g_str_equal(upgrade, QIO_CHANNEL_WEBSOCK_UPGRADE_WEBSOCKET)) { > + if (strcasecmp(upgrade, QIO_CHANNEL_WEBSOCK_UPGRADE_WEBSOCKET) != 0) { > error_setg(errp, "Incorrect upgrade method '%s'", upgrade); > goto bad_request; > } >
On Fri, Sep 08, 2017 at 10:22:00AM -0300, Philippe Mathieu-Daudé wrote: > Hi Daniel, > > On 09/08/2017 07:30 AM, Daniel P. Berrange wrote: > > When checking the value of the Connection and Upgrade HTTP headers > > the websock RFC (6455) requires the comparison to be case insensitive. > > The Connection value should be an exact match not a substring. > > > > Reviewed-by: Eric Blake <eblake@redhat.com> > > Signed-off-by: Daniel P. Berrange <berrange@redhat.com> > > --- > > io/channel-websock.c | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/io/channel-websock.c b/io/channel-websock.c > > index aed7a6c9b3..ab332ec907 100644 > > --- a/io/channel-websock.c > > +++ b/io/channel-websock.c > > @@ -427,12 +427,12 @@ static void qio_channel_websock_handshake_process(QIOChannelWebsock *ioc, > > goto bad_request; > > } > > - if (!g_strrstr(connection, QIO_CHANNEL_WEBSOCK_CONNECTION_UPGRADE)) { > > + if (strcasecmp(connection, QIO_CHANNEL_WEBSOCK_CONNECTION_UPGRADE) != 0) { > > Why not use g_ascii_strcasecmp() ? Functionally it doesn't matter either way, but there's no usage of g_ascii_strcasecmp in QEMU so I don't see a benefit to using that > > > error_setg(errp, "No connection upgrade requested '%s'", connection); > > goto bad_request; > > } > > - if (!g_str_equal(upgrade, QIO_CHANNEL_WEBSOCK_UPGRADE_WEBSOCKET)) { > > + if (strcasecmp(upgrade, QIO_CHANNEL_WEBSOCK_UPGRADE_WEBSOCKET) != 0) { > > error_setg(errp, "Incorrect upgrade method '%s'", upgrade); > > goto bad_request; > > } > > Regards, Daniel
diff --git a/io/channel-websock.c b/io/channel-websock.c index aed7a6c9b3..ab332ec907 100644 --- a/io/channel-websock.c +++ b/io/channel-websock.c @@ -427,12 +427,12 @@ static void qio_channel_websock_handshake_process(QIOChannelWebsock *ioc, goto bad_request; } - if (!g_strrstr(connection, QIO_CHANNEL_WEBSOCK_CONNECTION_UPGRADE)) { + if (strcasecmp(connection, QIO_CHANNEL_WEBSOCK_CONNECTION_UPGRADE) != 0) { error_setg(errp, "No connection upgrade requested '%s'", connection); goto bad_request; } - if (!g_str_equal(upgrade, QIO_CHANNEL_WEBSOCK_UPGRADE_WEBSOCKET)) { + if (strcasecmp(upgrade, QIO_CHANNEL_WEBSOCK_UPGRADE_WEBSOCKET) != 0) { error_setg(errp, "Incorrect upgrade method '%s'", upgrade); goto bad_request; }