Skip to content

Commit

Permalink
src: make Sec-WebSocket-Key check case-insensitive
Browse files Browse the repository at this point in the history
Current case sensitive comparison is breaking netty-based WS clients.

replace strncmp with strncasecmp

Fixes: #7247
PR-URL: #7248
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Ali Ijaz Sheikh <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
  • Loading branch information
MylesBorins authored and Fishrock123 committed Jul 5, 2016
1 parent 88b2aa3 commit 3d69ad1
Show file tree
Hide file tree
Showing 4 changed files with 34 additions and 3 deletions.
9 changes: 6 additions & 3 deletions src/inspector_socket.cc
Original file line number Diff line number Diff line change
@@ -1,4 +1,6 @@
#include "inspector_socket.h"
#include "util.h"
#include "util-inl.h"

#define NODE_WANT_INTERNALS 1
#include "base64.h"
Expand Down Expand Up @@ -445,9 +447,10 @@ static int header_value_cb(http_parser* parser, const char* at, size_t length) {
struct http_parsing_state_s* state = (struct http_parsing_state_s*)
(reinterpret_cast<inspector_socket_t*>(parser->data))->http_parsing_state;
state->parsing_value = true;
if (state->current_header && strncmp(state->current_header,
SEC_WEBSOCKET_KEY_HEADER,
sizeof(SEC_WEBSOCKET_KEY_HEADER)) == 0) {
if (state->current_header &&
node::StringEqualNoCaseN(state->current_header,
SEC_WEBSOCKET_KEY_HEADER,
sizeof(SEC_WEBSOCKET_KEY_HEADER))) {
append(&state->ws_key, at, length);
}
return 0;
Expand Down
10 changes: 10 additions & 0 deletions src/util-inl.h
Original file line number Diff line number Diff line change
Expand Up @@ -219,6 +219,16 @@ bool StringEqualNoCase(const char* a, const char* b) {
return false;
}

bool StringEqualNoCaseN(const char* a, const char* b, size_t length) {
for (size_t i = 0; i < length; i++) {
if (ToLower(a[i]) != ToLower(b[i]))
return false;
if (a[i] == '\0')
return true;
}
return true;
}

} // namespace node

#endif // defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
Expand Down
3 changes: 3 additions & 0 deletions src/util.h
Original file line number Diff line number Diff line change
Expand Up @@ -206,6 +206,9 @@ inline char ToLower(char c);
// strcasecmp() is locale-sensitive. Use StringEqualNoCase() instead.
inline bool StringEqualNoCase(const char* a, const char* b);

// strncasecmp() is locale-sensitive. Use StringEqualNoCaseN() instead.
inline bool StringEqualNoCaseN(const char* a, const char* b, size_t length);

// Allocates an array of member type T. For up to kStackStorageSize items,
// the stack is used, otherwise malloc().
template <typename T, size_t kStackStorageSize = 1024>
Expand Down
15 changes: 15 additions & 0 deletions test/cctest/util.cc
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,21 @@ TEST(UtilTest, StringEqualNoCase) {
EXPECT_FALSE(StringEqualNoCase("equals", "equal"));
}

TEST(UtilTest, StringEqualNoCaseN) {
using node::StringEqualNoCaseN;
EXPECT_FALSE(StringEqualNoCaseN("a", "b", strlen("a")));
EXPECT_TRUE(StringEqualNoCaseN("", "", strlen("")));
EXPECT_TRUE(StringEqualNoCaseN("equal", "equal", strlen("equal")));
EXPECT_TRUE(StringEqualNoCaseN("equal", "EQUAL", strlen("equal")));
EXPECT_TRUE(StringEqualNoCaseN("EQUAL", "EQUAL", strlen("equal")));
EXPECT_TRUE(StringEqualNoCaseN("equal", "equals", strlen("equal")));
EXPECT_FALSE(StringEqualNoCaseN("equal", "equals", strlen("equals")));
EXPECT_TRUE(StringEqualNoCaseN("equals", "equal", strlen("equal")));
EXPECT_FALSE(StringEqualNoCaseN("equals", "equal", strlen("equals")));
EXPECT_TRUE(StringEqualNoCaseN("abc\0abc", "abc\0efg", strlen("abcdefgh")));
EXPECT_FALSE(StringEqualNoCaseN("abc\0abc", "abcd\0efg", strlen("abcdefgh")));
}

TEST(UtilTest, ToLower) {
using node::ToLower;
EXPECT_EQ('0', ToLower('0'));
Expand Down

0 comments on commit 3d69ad1

Please sign in to comment.