When negotiating the protocol to be used using the NPN extension keep in mind that http/1.1 can be given there as well. (Googlebot does this, and thus couldn't access Kore sites).

On top of that be extra careful with how many bytes we memcmp() if we receive data from the NPN extension. This fix makes googlebot and anybody negotiating http/1.1 over NPN properly.
2013-07-10 10:37:37 +02:00 · 2013-07-10 10:37:37 +02:00 · 36d603ea67
parent fa78d24948
commit 36d603ea67
1 changed files with 13 additions and 6 deletions
--- a/src/connection.c
+++ b/src/connection.c
@ -14,6 +14,7 @@
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

+#include <sys/param.h>
 #include <sys/socket.h>

 #include <fcntl.h>
@ -123,13 +124,19 @@ kore_connection_handle(struct connection *c)

 		SSL_get0_next_proto_negotiated(c->ssl, &data, &len);
 		if (data) {
-			if (!memcmp(data, "spdy/3", 6))
-				kore_debug("using SPDY/3");
-			c->proto = CONN_PROTO_SPDY;
-			net_recv_queue(c, SPDY_FRAME_SIZE, 0,
-			    NULL, spdy_frame_recv);
+			if (!memcmp(data, "spdy/3", MIN(6, len))) {
+				c->proto = CONN_PROTO_SPDY;
+				net_recv_queue(c, SPDY_FRAME_SIZE, 0,
+				    NULL, spdy_frame_recv);
+			} else if (!memcmp(data, "http/1.1", MIN(8, len))) {
+				c->proto = CONN_PROTO_HTTP;
+				net_recv_queue(c, HTTP_HEADER_MAX_LEN,
+				    NETBUF_CALL_CB_ALWAYS, NULL,
+				    http_header_recv);
+			} else {
+				kore_debug("npn: received unknown protocol");
+			}
 		} else {
-			kore_debug("using HTTP/1.1");
 			c->proto = CONN_PROTO_HTTP;
 			net_recv_queue(c, HTTP_HEADER_MAX_LEN,
 			    NETBUF_CALL_CB_ALWAYS, NULL,