Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 3d69ad1

Browse filesBrowse files
MylesBorinsFishrock123
MylesBorins
authored and
Fishrock123
committed
src: make Sec-WebSocket-Key check case-insensitive
Current case sensitive comparison is breaking netty-based WS clients. replace strncmp with strncasecmp Fixes: #7247 PR-URL: #7248 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
1 parent 88b2aa3 commit 3d69ad1
Copy full SHA for 3d69ad1

File tree

Expand file treeCollapse file tree

4 files changed

+34
-3
lines changed
Open diff view settings
Filter options
Expand file treeCollapse file tree

4 files changed

+34
-3
lines changed
Open diff view settings
Collapse file

‎src/inspector_socket.cc‎

Copy file name to clipboardExpand all lines: src/inspector_socket.cc
+6-3Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,6 @@
11
#include "inspector_socket.h"
2+
#include "util.h"
3+
#include "util-inl.h"
24

35
#define NODE_WANT_INTERNALS 1
46
#include "base64.h"
@@ -445,9 +447,10 @@ static int header_value_cb(http_parser* parser, const char* at, size_t length) {
445447
struct http_parsing_state_s* state = (struct http_parsing_state_s*)
446448
(reinterpret_cast<inspector_socket_t*>(parser->data))->http_parsing_state;
447449
state->parsing_value = true;
448-
if (state->current_header && strncmp(state->current_header,
449-
SEC_WEBSOCKET_KEY_HEADER,
450-
sizeof(SEC_WEBSOCKET_KEY_HEADER)) == 0) {
450+
if (state->current_header &&
451+
node::StringEqualNoCaseN(state->current_header,
452+
SEC_WEBSOCKET_KEY_HEADER,
453+
sizeof(SEC_WEBSOCKET_KEY_HEADER))) {
451454
append(&state->ws_key, at, length);
452455
}
453456
return 0;
Collapse file

‎src/util-inl.h‎

Copy file name to clipboardExpand all lines: src/util-inl.h
+10Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -219,6 +219,16 @@ bool StringEqualNoCase(const char* a, const char* b) {
219219
return false;
220220
}
221221

222+
bool StringEqualNoCaseN(const char* a, const char* b, size_t length) {
223+
for (size_t i = 0; i < length; i++) {
224+
if (ToLower(a[i]) != ToLower(b[i]))
225+
return false;
226+
if (a[i] == '\0')
227+
return true;
228+
}
229+
return true;
230+
}
231+
222232
} // namespace node
223233

224234
#endif // defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
Collapse file

‎src/util.h‎

Copy file name to clipboardExpand all lines: src/util.h
+3Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -206,6 +206,9 @@ inline char ToLower(char c);
206206
// strcasecmp() is locale-sensitive. Use StringEqualNoCase() instead.
207207
inline bool StringEqualNoCase(const char* a, const char* b);
208208

209+
// strncasecmp() is locale-sensitive. Use StringEqualNoCaseN() instead.
210+
inline bool StringEqualNoCaseN(const char* a, const char* b, size_t length);
211+
209212
// Allocates an array of member type T. For up to kStackStorageSize items,
210213
// the stack is used, otherwise malloc().
211214
template <typename T, size_t kStackStorageSize = 1024>
Collapse file

‎test/cctest/util.cc‎

Copy file name to clipboardExpand all lines: test/cctest/util.cc
+15Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -68,6 +68,21 @@ TEST(UtilTest, StringEqualNoCase) {
6868
EXPECT_FALSE(StringEqualNoCase("equals", "equal"));
6969
}
7070

71+
TEST(UtilTest, StringEqualNoCaseN) {
72+
using node::StringEqualNoCaseN;
73+
EXPECT_FALSE(StringEqualNoCaseN("a", "b", strlen("a")));
74+
EXPECT_TRUE(StringEqualNoCaseN("", "", strlen("")));
75+
EXPECT_TRUE(StringEqualNoCaseN("equal", "equal", strlen("equal")));
76+
EXPECT_TRUE(StringEqualNoCaseN("equal", "EQUAL", strlen("equal")));
77+
EXPECT_TRUE(StringEqualNoCaseN("EQUAL", "EQUAL", strlen("equal")));
78+
EXPECT_TRUE(StringEqualNoCaseN("equal", "equals", strlen("equal")));
79+
EXPECT_FALSE(StringEqualNoCaseN("equal", "equals", strlen("equals")));
80+
EXPECT_TRUE(StringEqualNoCaseN("equals", "equal", strlen("equal")));
81+
EXPECT_FALSE(StringEqualNoCaseN("equals", "equal", strlen("equals")));
82+
EXPECT_TRUE(StringEqualNoCaseN("abc\0abc", "abc\0efg", strlen("abcdefgh")));
83+
EXPECT_FALSE(StringEqualNoCaseN("abc\0abc", "abcd\0efg", strlen("abcdefgh")));
84+
}
85+
7186
TEST(UtilTest, ToLower) {
7287
using node::ToLower;
7388
EXPECT_EQ('0', ToLower('0'));

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.