07e95cd529
The current websockets protocol handshake code is very relaxed, just doing crude string searching across the HTTP header data. This causes it to both reject valid connections and fail to reject invalid connections. For example, according to the RFC 6455 it: - MUST reject any method other than "GET" - MUST reject any HTTP version less than "HTTP/1.1" - MUST reject Connection header without "Upgrade" listed - MUST reject Upgrade header which is not 'websocket' - MUST reject missing Host header - MUST treat HTTP header names as case insensitive To do all this validation correctly requires that we fully parse the HTTP headers, populating a data structure containing the header fields. After this change, we also reject any path other than '/' Signed-off-by: Daniel P. Berrange <berrange@redhat.com> |
||
|---|---|---|
| .. | ||
| channel-buffer.c | ||
| channel-command.c | ||
| channel-file.c | ||
| channel-socket.c | ||
| channel-tls.c | ||
| channel-util.c | ||
| channel-watch.c | ||
| channel-websock.c | ||
| channel.c | ||
| dns-resolver.c | ||
| Makefile.objs | ||
| task.c | ||
| trace-events | ||