1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-09 00:00:04 +01:00

parser restrict unknown header paranoia to server methods

Signed-off-by: Andy Green <andy.green@linaro.org>
This commit is contained in:
Andy Green 2015-04-07 08:19:30 +08:00
parent 15ac07f1a0
commit 8fb338f71c
2 changed files with 20 additions and 6 deletions

View file

@ -401,33 +401,44 @@ swallow:
/* collecting and checking a name part */
case WSI_TOKEN_NAME_PART:
lwsl_parser("WSI_TOKEN_NAME_PART '%c'\n", c);
lwsl_parser("WSI_TOKEN_NAME_PART '%c' (mode=%d)\n", c, wsi->mode);
wsi->u.hdr.lextable_pos =
lextable_decode(wsi->u.hdr.lextable_pos, c);
if (wsi->u.hdr.lextable_pos < 0) {
/*
* Server needs to look out for unknown methods...
*/
if (wsi->u.hdr.lextable_pos < 0 &&
wsi->mode == LWS_CONNMODE_HTTP_SERVING) {
/* this is not a header we know about */
for (m = 0; m < ARRAY_SIZE(methods); m++)
if (wsi->u.hdr.ah->frag_index[methods[m]]) {
/*
* already had the method, no idea what
* this crap is, ignore
* this crap from the client is, ignore
*/
wsi->u.hdr.parser_state = WSI_TOKEN_SKIPPING;
break;
}
/*
* hm it's an unknown http method in fact,
* hm it's an unknown http method from a client in fact,
* treat as dangerous
*/
if (m == ARRAY_SIZE(methods)) {
lwsl_info("Unknown method - dropping\n");
return -1;
}
break;
}
/*
* ...otherwise for a client, let him ignore unknown headers
* coming from the server
*/
if (wsi->u.hdr.lextable_pos < 0) {
wsi->u.hdr.parser_state = WSI_TOKEN_SKIPPING;
break;
}
if (lextable[wsi->u.hdr.lextable_pos] < FAIL_CHAR) {
/* terminal state */

View file

@ -228,6 +228,9 @@ handshake_0405(struct libwebsocket_context *context, struct libwebsocket *wsi)
if (lws_extension_server_handshake(context, wsi, &p))
goto bail;
#endif
//LWS_CPYAPP(p, "\x0d\x0a""An-unknown-header: blah");
/* end of response packet */
LWS_CPYAPP(p, "\x0d\x0a\x0d\x0a");