Message ID | 20171010154328.8419-7-berrange@redhat.com |
---|---|
State | New |
Headers | show |
Series | Limit websockets memory usage & other bug fixes | expand |
On 10/10/2017 10:43 AM, Daniel P. Berrange wrote: > The noVNC server sends a header "Connection: keep-alive, Upgrade" which > fails our simple equality test. Split the header on ',', trim whitespace > and then check for 'upgrade' token. > > Signed-off-by: Daniel P. Berrange <berrange@redhat.com> > --- > io/channel-websock.c | 14 +++++++++++++- > 1 file changed, 13 insertions(+), 1 deletion(-) > > @@ -440,7 +443,16 @@ static void qio_channel_websock_handshake_process(QIOChannelWebsock *ioc, > goto bad_request; > } > > - if (strcasecmp(connection, QIO_CHANNEL_WEBSOCK_CONNECTION_UPGRADE) != 0) { My first thought was whether you could just use strcasestr() instead of strcasecmp(), rather than the malloc overhead of g_strsplit(). But that would treat "noUpgradeGarbage" as success, making your approach a bit stricter. Reviewed-by: Eric Blake <eblake@redhat.com>
On Tue, Oct 10, 2017 at 12:42:55PM -0500, Eric Blake wrote: > On 10/10/2017 10:43 AM, Daniel P. Berrange wrote: > > The noVNC server sends a header "Connection: keep-alive, Upgrade" which > > fails our simple equality test. Split the header on ',', trim whitespace > > and then check for 'upgrade' token. > > > > Signed-off-by: Daniel P. Berrange <berrange@redhat.com> > > --- > > io/channel-websock.c | 14 +++++++++++++- > > 1 file changed, 13 insertions(+), 1 deletion(-) > > > > > @@ -440,7 +443,16 @@ static void qio_channel_websock_handshake_process(QIOChannelWebsock *ioc, > > goto bad_request; > > } > > > > - if (strcasecmp(connection, QIO_CHANNEL_WEBSOCK_CONNECTION_UPGRADE) != 0) { > > My first thought was whether you could just use strcasestr() instead of > strcasecmp(), rather than the malloc overhead of g_strsplit(). But that > would treat "noUpgradeGarbage" as success, making your approach a bit > stricter. Also note that when reading HTTP headers we've already limited max data size to 4k for the entire HTTP header set. So we're doing g_strsplit over a pretty short piece of data, so negligible perf implications of that. > > Reviewed-by: Eric Blake <eblake@redhat.com> Regards, Daniel
diff --git a/io/channel-websock.c b/io/channel-websock.c index 455f5e322c..a21915881d 100644 --- a/io/channel-websock.c +++ b/io/channel-websock.c @@ -374,6 +374,9 @@ static void qio_channel_websock_handshake_process(QIOChannelWebsock *ioc, size_t nhdrs = G_N_ELEMENTS(hdrs); const char *protocols = NULL, *version = NULL, *key = NULL, *host = NULL, *connection = NULL, *upgrade = NULL; + char **connectionv; + bool upgraded = false; + size_t i; nhdrs = qio_channel_websock_extract_headers(ioc, buffer, hdrs, nhdrs, errp); if (!nhdrs) { @@ -440,7 +443,16 @@ static void qio_channel_websock_handshake_process(QIOChannelWebsock *ioc, goto bad_request; } - if (strcasecmp(connection, QIO_CHANNEL_WEBSOCK_CONNECTION_UPGRADE) != 0) { + connectionv = g_strsplit(connection, ",", 0); + for (i = 0; connectionv != NULL && connectionv[i] != NULL; i++) { + g_strstrip(connectionv[i]); + if (strcasecmp(connectionv[i], + QIO_CHANNEL_WEBSOCK_CONNECTION_UPGRADE) == 0) { + upgraded = true; + } + } + g_strfreev(connectionv); + if (!upgraded) { error_setg(errp, "No connection upgrade requested '%s'", connection); goto bad_request; }
The noVNC server sends a header "Connection: keep-alive, Upgrade" which fails our simple equality test. Split the header on ',', trim whitespace and then check for 'upgrade' token. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- io/channel-websock.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-)