diff options
author | Liang Qi <liang.qi@qt.io> | 2016-12-07 10:07:25 +0100 |
---|---|---|
committer | Liang Qi <liang.qi@qt.io> | 2017-01-06 08:42:14 +0000 |
commit | 670266a075c7c312c6a7f9465298bfec0b968ee2 (patch) | |
tree | 4e0f34928d5fd786676ab2f4e59cedfbbf35a9e5 /src/websockets | |
parent | 2eeee81b67ce4fc81793c51bafd2cc1b33076c05 (diff) | |
download | qtwebsockets-670266a075c7c312c6a7f9465298bfec0b968ee2.tar.gz |
Fix the parser of port in hand shake request
Use QUrl::setAuthority() to parse host and port.
The request is invalid when having username or password in Host.
Task-number: QTBUG-57357
Change-Id: I4e7c0370794dce15359d372a1e36dc0383083204
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Diffstat (limited to 'src/websockets')
-rw-r--r-- | src/websockets/qwebsockethandshakerequest.cpp | 16 |
1 files changed, 6 insertions, 10 deletions
diff --git a/src/websockets/qwebsockethandshakerequest.cpp b/src/websockets/qwebsockethandshakerequest.cpp index 81c5f97..ddeee2d 100644 --- a/src/websockets/qwebsockethandshakerequest.cpp +++ b/src/websockets/qwebsockethandshakerequest.cpp @@ -275,16 +275,12 @@ void QWebSocketHandshakeRequest::readHandshake(QTextStream &textStream, int maxH if (m_requestUrl.isRelative()) { // see http://tools.ietf.org/html/rfc6455#page-17 // No. 4 item in "The requirements for this handshake" - int idx = host.indexOf(QStringLiteral(":")); - bool ok = false; - int port = 0; - if (idx != -1) { - port = host.rightRef(host.length() - idx - 1).toInt(&ok); - host.truncate(idx); + m_requestUrl.setAuthority(host); + if (!m_requestUrl.userName().isNull()) { // If the username is null, the password must be too. + m_isValid = false; + clear(); + return; } - m_requestUrl.setHost(host); - if (ok) - m_requestUrl.setPort(port); } if (m_requestUrl.scheme().isEmpty()) { const QString scheme = isSecure() ? QStringLiteral("wss") : QStringLiteral("ws"); @@ -337,7 +333,7 @@ void QWebSocketHandshakeRequest::readHandshake(QTextStream &textStream, int maxH //TODO: authentication field - m_isValid = !(host.isEmpty() || + m_isValid = !(m_requestUrl.host().isEmpty() || resourceName.isEmpty() || m_versions.isEmpty() || m_key.isEmpty() || |