Message ID | 20170906135859.15831-1-berrange@redhat.com |
---|---|
State | New |
Headers | show |
Series | io: use case insensitive check for Connection & Upgrade websock headers | expand |
On 09/06/2017 08:58 AM, Daniel P. Berrange wrote: > When checking the value of the Connection and Upgrade HTTP headers > the websock RFC (6455) requires the comparison to be case insensitive. > The Connection value should be an exact match not a substring. > > Signed-off-by: Daniel P. Berrange <berrange@redhat.com> > --- > io/channel-websock.c | 4 ++-- Reviewed-by: Eric Blake <eblake@redhat.com>
diff --git a/io/channel-websock.c b/io/channel-websock.c index 463c04b0aa..abb2470146 100644 --- a/io/channel-websock.c +++ b/io/channel-websock.c @@ -427,12 +427,12 @@ static void qio_channel_websock_handshake_process(QIOChannelWebsock *ioc, goto bad_request; } - if (!g_strrstr(connection, QIO_CHANNEL_WEBSOCK_CONNECTION_UPGRADE)) { + if (strcasecmp(connection, QIO_CHANNEL_WEBSOCK_CONNECTION_UPGRADE) != 0) { error_setg(errp, "No connection upgrade requested '%s'", connection); goto bad_request; } - if (!g_str_equal(upgrade, QIO_CHANNEL_WEBSOCK_UPGRADE_WEBSOCKET)) { + if (strcasecmp(upgrade, QIO_CHANNEL_WEBSOCK_UPGRADE_WEBSOCKET) != 0) { error_setg(errp, "Incorrect upgrade method '%s'", upgrade); goto bad_request; }
When checking the value of the Connection and Upgrade HTTP headers the websock RFC (6455) requires the comparison to be case insensitive. The Connection value should be an exact match not a substring. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- io/channel-websock.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)