When checking the value of the Connection and Upgrade HTTP headers
the websock RFC (6455) requires the comparison to be case insensitive.
The Connection value should be an exact match not a substring.
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
io/channel-websock.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/io/channel-websock.c b/io/channel-websock.c
index aed7a6c9b3..ab332ec907 100644
--- a/io/channel-websock.c
+++ b/io/channel-websock.c
@@ -427,12 +427,12 @@ static void qio_channel_websock_handshake_process(QIOChannelWebsock *ioc,
goto bad_request;
}
- if (!g_strrstr(connection, QIO_CHANNEL_WEBSOCK_CONNECTION_UPGRADE)) {
+ if (strcasecmp(connection, QIO_CHANNEL_WEBSOCK_CONNECTION_UPGRADE) != 0) {
error_setg(errp, "No connection upgrade requested '%s'", connection);
goto bad_request;
}
- if (!g_str_equal(upgrade, QIO_CHANNEL_WEBSOCK_UPGRADE_WEBSOCKET)) {
+ if (strcasecmp(upgrade, QIO_CHANNEL_WEBSOCK_UPGRADE_WEBSOCKET) != 0) {
error_setg(errp, "Incorrect upgrade method '%s'", upgrade);
goto bad_request;
}
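Review bot: the Connection check (first changed line) now requires the whole header value to equal the upgrade token, but HTTP defines Connection as a comma-separated list of tokens. A client that sends a value such as "keep-alive, Upgrade" would now fail with "No connection upgrade requested". Suggest splitting the value on commas, trimming whitespace, and comparing each element case-insensitively, which still rules out the substring matches the old g_strrstr() call allowed.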
--
2.13.5
Hi Daniel,
On 09/08/2017 07:30 AM, Daniel P. Berrange wrote:
> When checking the value of the Connection and Upgrade HTTP headers
> the websock RFC (6455) requires the comparison to be case insensitive.
> The Connection value should be an exact match not a substring.
>
> Reviewed-by: Eric Blake <eblake@redhat.com>
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> ---
> io/channel-websock.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/io/channel-websock.c b/io/channel-websock.c
> index aed7a6c9b3..ab332ec907 100644
> --- a/io/channel-websock.c
> +++ b/io/channel-websock.c
> @@ -427,12 +427,12 @@ static void qio_channel_websock_handshake_process(QIOChannelWebsock *ioc,
> goto bad_request;
> }
>
> - if (!g_strrstr(connection, QIO_CHANNEL_WEBSOCK_CONNECTION_UPGRADE)) {
> + if (strcasecmp(connection, QIO_CHANNEL_WEBSOCK_CONNECTION_UPGRADE) != 0) {
Why not use g_ascii_strcasecmp() ?
> error_setg(errp, "No connection upgrade requested '%s'", connection);
> goto bad_request;
> }
>
> - if (!g_str_equal(upgrade, QIO_CHANNEL_WEBSOCK_UPGRADE_WEBSOCKET)) {
> + if (strcasecmp(upgrade, QIO_CHANNEL_WEBSOCK_UPGRADE_WEBSOCKET) != 0) {
> error_setg(errp, "Incorrect upgrade method '%s'", upgrade);
> goto bad_request;
> }
>
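Review bot: both new strcasecmp() calls are locale-dependent, whereas RFC 6455 asks for an ASCII case-insensitive comparison of these header values. g_ascii_strcasecmp(), as asked about in the interleaved question above, is locale-independent and matches the RFC wording. If strcasecmp() stays, a short comment explaining why the process locale cannot change the result for these two constants would help later readers.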
On Fri, Sep 08, 2017 at 10:22:00AM -0300, Philippe Mathieu-Daudé wrote:
> Hi Daniel,
>
> On 09/08/2017 07:30 AM, Daniel P. Berrange wrote:
> > When checking the value of the Connection and Upgrade HTTP headers
> > the websock RFC (6455) requires the comparison to be case insensitive.
> > The Connection value should be an exact match not a substring.
> >
> > Reviewed-by: Eric Blake <eblake@redhat.com>
> > Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> > ---
> > io/channel-websock.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/io/channel-websock.c b/io/channel-websock.c
> > index aed7a6c9b3..ab332ec907 100644
> > --- a/io/channel-websock.c
> > +++ b/io/channel-websock.c
> > @@ -427,12 +427,12 @@ static void qio_channel_websock_handshake_process(QIOChannelWebsock *ioc,
> > goto bad_request;
> > }
> > - if (!g_strrstr(connection, QIO_CHANNEL_WEBSOCK_CONNECTION_UPGRADE)) {
> > + if (strcasecmp(connection, QIO_CHANNEL_WEBSOCK_CONNECTION_UPGRADE) != 0) {
>
> Why not use g_ascii_strcasecmp() ?
Functionally it doesn't matter either way, but there's no usage of
g_ascii_strcasecmp in QEMU so I don't see a benefit to using that.
>
> > error_setg(errp, "No connection upgrade requested '%s'", connection);
> > goto bad_request;
> > }
> > - if (!g_str_equal(upgrade, QIO_CHANNEL_WEBSOCK_UPGRADE_WEBSOCKET)) {
> > + if (strcasecmp(upgrade, QIO_CHANNEL_WEBSOCK_UPGRADE_WEBSOCKET) != 0) {
> > error_setg(errp, "Incorrect upgrade method '%s'", upgrade);
> > goto bad_request;
> > }
> >
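Review bot: missing test coverage for the behaviour change in both conditions. The diffstat shows only io/channel-websock.c changing, so nothing exercises the new comparisons. A handshake test that sends mixed-case Connection and Upgrade values, plus one Connection value that merely contains the token as a substring, would pin down both the case-insensitivity and the exact-match intent stated in the commit message.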
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|