Rivo Nurges([email protected]) on 2019.03.05 22:42:13 +0000:
> Hi!
>
> On 3/5/19 10:36 PM, Claudio Jeker wrote:
> > I guess that this would need strcasestr() instead of strcasecmp(), since you
> > are looking for the substring "Upgrade" in value. Maybe more is needed if
> > we want to be sure that 'Connection: Upgrade-maybe' does not match.
>
> You are correct about strcasestr. "Connection: Upgrade-maybe" would need
> to have correct "Upgrade: websocket". Anyway, let's be strict.
>
> Does something like this make sense?
I think the separator list needs to include '\t' because https://tools.ietf.org/html/rfc7230#appendix-B includes HTAB. And I don't think you can mix "," with " \t" separators, because otherwise "Foo Upgrade, Bar" will match. Something more is needed to parse elements of a header.

> Index: usr.sbin/relayd/relay_http.c > =================================================================== > RCS file: /cvs/src/usr.sbin/relayd/relay_http.c,v > retrieving revision 1.72 > diff -u -p -r1.72 relay_http.c > --- usr.sbin/relayd/relay_http.c 4 Mar 2019 21:25:03 -0000 1.72 > +++ usr.sbin/relayd/relay_http.c 5 Mar 2019 22:33:47 -0000 > @@ -166,6 +166,7 @@ relay_read_http(struct bufferevent *bev, > struct relay_http_priv *priv = con->se_priv; > char *line = NULL, *key, *value; > char *urlproto, *host, *path; > + char *valuecopy, *valuepart; > int action, unique, ret; > const char *errstr; > size_t size, linelen; 
> @@ -399,10 +400,18 @@ relay_read_http(struct bufferevent *bev, > > if (cre->line != 1) { > if (cre->dir == RELAY_DIR_REQUEST) { > - if (strcasecmp("Connection", key) == 0 && > - strcasecmp("Upgrade", value) == 0) > - priv->http_upgrade_req |= > - HTTP_CONNECTION_UPGRADE; > + > + > + if (strcasecmp("Connection", key) == 0) { > + valuecopy = strdup(value); > + while ((valuepart = strsep(&valuecopy, ", > ")) != NULL) > + if (strcasecmp("Upgrade", valuepart) == > 0) > + priv->http_upgrade_req |= > + HTTP_CONNECTION_UPGRADE; > + free(valuecopy); > + } > + > + > if (strcasecmp("Upgrade", key) == 0 && > strcasecmp("websocket", value) == 0) > priv->http_upgrade_req |=
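
Review bot: In the second hunk, free(valuecopy) after the strsep() loop does not release the strdup() buffer: strsep() advances valuecopy on every call and leaves it NULL once the last token has been returned, so the call is free(NULL) and every Connection header on a request leaks one copy of value. Keep the pointer returned by strdup() in a separate variable and free that one. The strdup() result is also used without a NULL check; on allocation failure the loop body never runs and the header is silently ignored, so handle that case explicitly. The ", " delimiter string treats a space like a comma and omits HTAB, so whitespace inside an element splits it into separate tokens; split on "," only and trim SP and HTAB around each element before the strcasecmp(). The two blank lines added before and after the new block can be dropped.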

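One way to parse the elements of such a header, as an added example that is not part of the original message and is not relayd code: split on "," only, trim SP and HTAB around each element, then compare the whole element case-insensitively. The helper name `header_has_token` and the sample values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Optional whitespace (OWS) per RFC 7230 appendix B: SP or HTAB. */
static int
is_ows(char c)
{
	return (c == ' ' || c == '\t');
}

/*
 * Hypothetical helper: return 1 if the comma-separated header value
 * contains `token` as a complete list element (case-insensitive),
 * otherwise 0. The input string is not modified and nothing is allocated.
 */
int
header_has_token(const char *value, const char *token)
{
	size_t toklen = strlen(token);
	const char *p = value;

	while (*p != '\0') {
		/* One element runs up to the next comma or end of string. */
		const char *end = p + strcspn(p, ",");
		const char *s = p, *e = end;

		/* Trim OWS around the element, never inside it. */
		while (s < e && is_ows(*s))
			s++;
		while (e > s && is_ows(e[-1]))
			e--;
		if ((size_t)(e - s) == toklen &&
		    strncasecmp(s, token, toklen) == 0)
			return (1);
		p = (*end == ',') ? end + 1 : end;
	}
	return (0);
}

int
main(void)
{
	/* Constructed Connection values, including the cases from the thread. */
	const char *samples[] = { "Upgrade", "keep-alive,\tUpgrade",
	    "Upgrade-maybe", "Foo Upgrade, Bar" };

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("%-24s -> %d\n", samples[i],
		    header_has_token(samples[i], "Upgrade"));
	return (0);
}
```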