[{"id":1765346,"web_url":"http://patchwork.ozlabs.org/comment/1765346/","msgid":"<70a0110b-8295-f0d1-a69c-29d83178d6e9@amsat.org>","list_archive_url":null,"date":"2017-09-08T13:22:00","subject":"Re: [Qemu-devel] [PATCH v2 3/3] io: use case insensitive check for\n\tConnection & Upgrade websock headers","submitter":{"id":70924,"url":"http://patchwork.ozlabs.org/api/people/70924/","name":"Philippe Mathieu-Daudé","email":"f4bug@amsat.org"},"content":"Hi Daniel,\n\nOn 09/08/2017 07:30 AM, Daniel P. Berrange wrote:\n> When checking the value of the Connection and Upgrade HTTP headers\n> the websock RFC (6455) requires the comparison to be case insensitive.\n> The Connection value should be an exact match not a substring.\n> \n> Reviewed-by: Eric Blake \n> Signed-off-by: Daniel P. Berrange \n> ---\n> io/channel-websock.c | 4 ++--\n> 1 file changed, 2 insertions(+), 2 deletions(-)\n> \n> diff --git a/io/channel-websock.c b/io/channel-websock.c\n> index aed7a6c9b3..ab332ec907 100644\n> --- a/io/channel-websock.c\n> +++ b/io/channel-websock.c\n> @@ -427,12 +427,12 @@ static void qio_channel_websock_handshake_process(QIOChannelWebsock *ioc,\n> goto bad_request;\n> }\n> \n> - if (!g_strrstr(connection, QIO_CHANNEL_WEBSOCK_CONNECTION_UPGRADE)) {\n> + if (strcasecmp(connection, QIO_CHANNEL_WEBSOCK_CONNECTION_UPGRADE) != 0) {\n\nWhy not use g_ascii_strcasecmp() ?\n\n> error_setg(errp, \"No connection upgrade requested '%s'\", connection);\n> goto bad_request;\n> }\n> \n> - if (!g_str_equal(upgrade, QIO_CHANNEL_WEBSOCK_UPGRADE_WEBSOCKET)) {\n> + if (strcasecmp(upgrade, QIO_CHANNEL_WEBSOCK_UPGRADE_WEBSOCKET) != 0) {\n> error_setg(errp, \"Incorrect upgrade method '%s'\", upgrade);\n> goto bad_request;\n> }\n>","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=nongnu.org\n\t(client-ip=2001:4830:134:3::11; helo=lists.gnu.org;\n\tenvelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n\treceiver=)","ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n\tunprotected) header.d=gmail.com header.i=@gmail.com\n\theader.b=\"Uh/mXYEC\"; dkim-atps=neutral"],"Received":["from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11])\n\t(using TLSv1 with cipher AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xpdKb1CRvz9s4s\n\tfor ;\n\tFri, 8 Sep 2017 23:22:41 +1000 (AEST)","from localhost ([::1]:45451 helo=lists.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.71) (envelope-from\n\t)\n\tid 1dqJF1-0003lj-52\n\tfor incoming@patchwork.ozlabs.org; Fri, 08 Sep 2017 09:22:39 -0400","from eggs.gnu.org ([2001:4830:134:3::10]:60511)\n\tby lists.gnu.org with esmtp (Exim 4.71)\n\t(envelope-from )\n\tid 1dqJEV-0003ky-PI\n\tfor qemu-devel@nongnu.org; Fri, 08 Sep 2017 09:22:08 -0400","from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)\n\t(envelope-from )\n\tid 1dqJES-00051h-K2\n\tfor qemu-devel@nongnu.org; Fri, 08 Sep 2017 09:22:07 -0400","from mail-qt0-x241.google.com ([2607:f8b0:400d:c0d::241]:35731)\n\tby eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)\n\t(Exim 4.71) (envelope-from )\n\tid 1dqJES-000515-FT\n\tfor qemu-devel@nongnu.org; Fri, 08 Sep 2017 09:22:04 -0400","by mail-qt0-x241.google.com with SMTP id p55so1539512qtc.2\n\tfor ; Fri, 08 Sep 2017 06:22:04 -0700 (PDT)","from [192.168.1.10] ([181.93.89.178])\n\tby smtp.gmail.com with ESMTPSA id\n\ta91sm1385046qka.90.2017.09.08.06.22.01\n\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);\n\tFri, 08 Sep 2017 06:22:03 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;\n\th=sender:subject:to:cc:references:from:message-id:date:user-agent\n\t:mime-version:in-reply-to:content-language:content-transfer-encoding; \n\tbh=pAB/28VQtRWD0gc6EmoTtefmWZ0xHIAhttT1oTflNIU=;\n\tb=Uh/mXYECtcCBhMEQA73tysCD8aFHs8zZl4tM9PKzefFzQEm/Fe4FflasyyJi8Ti5Hk\n\tp7NKcDjiQda/yfjNWLdNxE0U/qrh8RqYjo/jnZRDfrRpuRHGA8r80L7YqiEeY3mPQDKW\n\t6SDn0GW4Gf+3MgWT/Gn6aBfF3r8z/UrvJSfrkaLA4t+myFKohXyL6Xq2kMhixf5Z/StK\n\tlpw7SHq35DjHx2yJXll9ORy9SNBc+Btcviy98ocIYRfDq8qZzBI2r55nJ0lg+iQAjQYQ\n\tCtHmS6wWh7uQwhW9uQb36gju8v0NTOIm3140f4GriAI6X4GGOy08UpA/i+1CGrV5CddT\n\th8zA==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:sender:subject:to:cc:references:from:message-id\n\t:date:user-agent:mime-version:in-reply-to:content-language\n\t:content-transfer-encoding;\n\tbh=pAB/28VQtRWD0gc6EmoTtefmWZ0xHIAhttT1oTflNIU=;\n\tb=aeHLG05EwLGQN39aKUsoif+ojAunnH6Ri8CVC0akuinvF4FA9RwzE2gv4Pm61g87v+\n\tobxAlkQ223ACKStzkpJq9J8/el5Ufdb3uIZGYp5eNdzi/cw1oZeOj3HLJ66c14Dy6UWf\n\t4/Ra9HztY1T5cztzaQnYrREy/E6Vrqa3EsH5ZXWVjq7Re3QKpq3gTc+K4H6LBTSr0i7S\n\tg3XnYu4nNRtnGPqma7SpWrprLiF2DiSXZZ+tjxSdqnQckZoTC9DqtNemnPlh3eQLXqSQ\n\tHstEaWzhxk7tGj0ZBwr07thYmNYONs124tQi+wa2hcRxjnzXiBgkTJ0ySHptYsQZ/kIp\n\tT/Ng==","X-Gm-Message-State":"AHPjjUhtTg9SpEjATD7GTWPY0+k8nHXVxih13/YsXOno3i7AgwYJbUj5\n\tDnSRadB45v5dtz5mWIQ=","X-Google-Smtp-Source":"AOwi7QAtnGU8SWCxwxGsnlx4RQL/v4DlcMMmVszfSaDIz5edyTCOPu8C+v0eUtB/lagdm7YJpRFwvQ==","X-Received":"by 10.237.35.203 with SMTP id k11mr4173718qtc.332.1504876923959; \n\tFri, 08 Sep 2017 06:22:03 -0700 (PDT)","To":"\"Daniel P. Berrange\" , qemu-devel@nongnu.org","References":"<20170908103011.25821-1-berrange@redhat.com>\n\t<20170908103011.25821-4-berrange@redhat.com>","From":"=?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= ","Message-ID":"<70a0110b-8295-f0d1-a69c-29d83178d6e9@amsat.org>","Date":"Fri, 8 Sep 2017 10:22:00 -0300","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101\n\tThunderbird/52.3.0","MIME-Version":"1.0","In-Reply-To":"<20170908103011.25821-4-berrange@redhat.com>","Content-Type":"text/plain; charset=utf-8; format=flowed","Content-Language":"en-US","Content-Transfer-Encoding":"7bit","X-detected-operating-system":"by eggs.gnu.org: Genre and OS details not\n\trecognized.","X-Received-From":"2607:f8b0:400d:c0d::241","Subject":"Re: [Qemu-devel] [PATCH v2 3/3] io: use case insensitive check for\n\tConnection & Upgrade websock headers","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.21","Precedence":"list","List-Id":"","List-Unsubscribe":",\n\t","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n\t","Cc":"Brian Rak ","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"\"Qemu-devel\"\n\t"}},{"id":1765353,"web_url":"http://patchwork.ozlabs.org/comment/1765353/","msgid":"<20170908132633.GE32645@redhat.com>","list_archive_url":null,"date":"2017-09-08T13:26:33","subject":"Re: [Qemu-devel] [PATCH v2 3/3] io: use case insensitive check for\n\tConnection & Upgrade websock headers","submitter":{"id":2694,"url":"http://patchwork.ozlabs.org/api/people/2694/","name":"Daniel P. Berrangé","email":"berrange@redhat.com"},"content":"On Fri, Sep 08, 2017 at 10:22:00AM -0300, Philippe Mathieu-Daudé wrote:\n> Hi Daniel,\n> \n> On 09/08/2017 07:30 AM, Daniel P. Berrange wrote:\n> > When checking the value of the Connection and Upgrade HTTP headers\n> > the websock RFC (6455) requires the comparison to be case insensitive.\n> > The Connection value should be an exact match not a substring.\n> > \n> > Reviewed-by: Eric Blake \n> > Signed-off-by: Daniel P. Berrange \n> > ---\n> > io/channel-websock.c | 4 ++--\n> > 1 file changed, 2 insertions(+), 2 deletions(-)\n> > \n> > diff --git a/io/channel-websock.c b/io/channel-websock.c\n> > index aed7a6c9b3..ab332ec907 100644\n> > --- a/io/channel-websock.c\n> > +++ b/io/channel-websock.c\n> > @@ -427,12 +427,12 @@ static void qio_channel_websock_handshake_process(QIOChannelWebsock *ioc,\n> > goto bad_request;\n> > }\n> > - if (!g_strrstr(connection, QIO_CHANNEL_WEBSOCK_CONNECTION_UPGRADE)) {\n> > + if (strcasecmp(connection, QIO_CHANNEL_WEBSOCK_CONNECTION_UPGRADE) != 0) {\n> \n> Why not use g_ascii_strcasecmp() ?\n\nFunctionally it doesn't matter either way, but there's no usage of\ng_ascii_strcasecmp in QEMU so I don't see a benefit to using that\n\n> \n> > error_setg(errp, \"No connection upgrade requested '%s'\", connection);\n> > goto bad_request;\n> > }\n> > - if (!g_str_equal(upgrade, QIO_CHANNEL_WEBSOCK_UPGRADE_WEBSOCKET)) {\n> > + if (strcasecmp(upgrade, QIO_CHANNEL_WEBSOCK_UPGRADE_WEBSOCKET) != 0) {\n> > error_setg(errp, \"Incorrect upgrade method '%s'\", upgrade);\n> > goto bad_request;\n> > }\n> > \n\nRegards,\nDaniel","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=nongnu.org\n\t(client-ip=2001:4830:134:3::11; helo=lists.gnu.org;\n\tenvelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n\treceiver=)","ext-mx03.extmail.prod.ext.phx2.redhat.com;\n\tdmarc=none (p=none dis=none) header.from=redhat.com","ext-mx03.extmail.prod.ext.phx2.redhat.com;\n\tspf=fail smtp.mailfrom=berrange@redhat.com"],"Received":["from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11])\n\t(using TLSv1 with cipher AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xpdQn2YJ6z9s7c\n\tfor ;\n\tFri, 8 Sep 2017 23:27:13 +1000 (AEST)","from localhost ([::1]:45466 helo=lists.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.71) (envelope-from\n\t)\n\tid 1dqJJP-00068K-5u\n\tfor incoming@patchwork.ozlabs.org; Fri, 08 Sep 2017 09:27:11 -0400","from eggs.gnu.org ([2001:4830:134:3::10]:33874)\n\tby lists.gnu.org with esmtp (Exim 4.71)\n\t(envelope-from ) id 1dqJIv-00066E-HR\n\tfor qemu-devel@nongnu.org; Fri, 08 Sep 2017 09:26:42 -0400","from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)\n\t(envelope-from ) id 1dqJIr-0000Y9-Ha\n\tfor qemu-devel@nongnu.org; Fri, 08 Sep 2017 09:26:41 -0400","from mx1.redhat.com ([209.132.183.28]:38822)\n\tby eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)\n\t(Exim 4.71) (envelope-from ) id 1dqJIr-0000XW-BO\n\tfor qemu-devel@nongnu.org; Fri, 08 Sep 2017 09:26:37 -0400","from smtp.corp.redhat.com\n\t(int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11])\n\t(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby mx1.redhat.com (Postfix) with ESMTPS id 56A627E421;\n\tFri, 8 Sep 2017 13:26:36 +0000 (UTC)","from redhat.com (unknown [10.33.36.66])\n\tby smtp.corp.redhat.com (Postfix) with ESMTPS id 5B5D160590;\n\tFri, 8 Sep 2017 13:26:35 +0000 (UTC)"],"DMARC-Filter":"OpenDMARC Filter v1.3.2 mx1.redhat.com 56A627E421","Date":"Fri, 8 Sep 2017 14:26:33 +0100","From":"\"Daniel P. Berrange\" ","To":"Philippe =?utf-8?q?Mathieu-Daud=C3=A9?= ","Message-ID":"<20170908132633.GE32645@redhat.com>","References":"<20170908103011.25821-1-berrange@redhat.com>\n\t<20170908103011.25821-4-berrange@redhat.com>\n\t<70a0110b-8295-f0d1-a69c-29d83178d6e9@amsat.org>","MIME-Version":"1.0","Content-Type":"text/plain; charset=utf-8","Content-Disposition":"inline","In-Reply-To":"<70a0110b-8295-f0d1-a69c-29d83178d6e9@amsat.org>","User-Agent":"Mutt/1.8.3 (2017-05-23)","X-Scanned-By":"MIMEDefang 2.79 on 10.5.11.11","X-Greylist":"Sender IP whitelisted, not delayed by milter-greylist-4.5.16\n\t(mx1.redhat.com [10.5.110.27]);\n\tFri, 08 Sep 2017 13:26:36 +0000 (UTC)","Content-Transfer-Encoding":"quoted-printable","X-detected-operating-system":"by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]\n\t[fuzzy]","X-Received-From":"209.132.183.28","Subject":"Re: [Qemu-devel] [PATCH v2 3/3] io: use case insensitive check for\n\tConnection & Upgrade websock headers","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.21","Precedence":"list","List-Id":"","List-Unsubscribe":",\n\t","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n\t","Reply-To":"\"Daniel P. Berrange\" ","Cc":"Brian Rak , qemu-devel@nongnu.org","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"\"Qemu-devel\"\n\t"}}]