diff options
author | Robert Griebl <robert.griebl@pelagicore.com> | 2017-11-25 02:14:03 +0100 |
---|---|---|
committer | Robert Griebl <robert.griebl@pelagicore.com> | 2017-11-28 11:08:16 +0000 |
commit | 704174bcc9f445cdf9d471acfa380bec6feb3576 (patch) | |
tree | 89db9ec2e7e76758421592a0ab5af23d8ed3de96 /src | |
parent | 534ed7ddbe86c58dc7d59c5c693b027ed8f18737 (diff) | |
download | qtwebsockets-704174bcc9f445cdf9d471acfa380bec6feb3576.tar.gz |
Make HTTP header parsing RFC-compliant
All this home-grown parsing should be replaced with code from the qhttp*
classes. This would result in a big refactoring though, so this commit
at least tries to make the header parsing RFC compliant and not choke
on perfectly legal "Header:Value" messages.
Change-Id: I14303610dc7187b8d8595568fb221c18e4e0d515
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: MÃ¥rten Nordheim <marten.nordheim@qt.io>
Diffstat (limited to 'src')
-rw-r--r-- | src/websockets/qwebsocket_p.cpp | 30 | ||||
-rw-r--r-- | src/websockets/qwebsockethandshakerequest.cpp | 24 |
2 files changed, 41 insertions, 13 deletions
diff --git a/src/websockets/qwebsocket_p.cpp b/src/websockets/qwebsocket_p.cpp index 1cfa106..9b29114 100644 --- a/src/websockets/qwebsocket_p.cpp +++ b/src/websockets/qwebsocket_p.cpp @@ -964,17 +964,32 @@ void QWebSocketPrivate::processHandshake(QTcpSocket *pSocket) } m_handshakeState = ReadingHeaderState; Q_FALLTHROUGH(); - case ReadingHeaderState: + case ReadingHeaderState: { + // TODO: this should really use the existing code from QHttpNetworkReplyPrivate::parseHeader + auto lastHeader = m_headers.end(); while (pSocket->canReadLine()) { QString headerLine = readLine(pSocket); - const QStringList headerField = headerLine.split(QStringLiteral(": "), - QString::SkipEmptyParts); - if (headerField.size() == 2) { - m_headers.insertMulti(headerField[0].toLower(), headerField[1]); - } - if (headerField.isEmpty()) { + + if (headerLine.isEmpty()) { + // end of headers m_handshakeState = ParsingHeaderState; break; + } else if (headerLine.startsWith(QLatin1Char(' ')) || headerLine.startsWith(QLatin1Char('\t'))) { + // continuation line -- add this to the last header field + if (Q_UNLIKELY(lastHeader == m_headers.end())) { + errorDescription = QWebSocket::tr("Malformed header in response: %1.").arg(headerLine); + break; + } + lastHeader.value().append(QLatin1Char(' ')); + lastHeader.value().append(headerLine.trimmed()); + } else { + int colonPos = headerLine.indexOf(QLatin1Char(':')); + if (Q_UNLIKELY(colonPos <= 0)) { + errorDescription = QWebSocket::tr("Malformed header in response: %1.").arg(headerLine); + break; + } + lastHeader = m_headers.insertMulti(headerLine.left(colonPos).trimmed().toLower(), + headerLine.mid(colonPos + 1).trimmed()); } } @@ -986,6 +1001,7 @@ void QWebSocketPrivate::processHandshake(QTcpSocket *pSocket) return; } Q_FALLTHROUGH(); + } case ParsingHeaderState: { const QString acceptKey = m_headers.value(QStringLiteral("sec-websocket-accept"), QString()); const QString upgrade = m_headers.value(QStringLiteral("upgrade"), QString()); diff --git a/src/websockets/qwebsockethandshakerequest.cpp b/src/websockets/qwebsockethandshakerequest.cpp index e6a626c..bfc8a3d 100644 --- a/src/websockets/qwebsockethandshakerequest.cpp +++ b/src/websockets/qwebsockethandshakerequest.cpp @@ -251,14 +251,26 @@ void QWebSocketHandshakeRequest::readHandshake(QTextStream &textStream, int maxH return; } m_headers.clear(); + // TODO: this should really use the existing code from QHttpNetworkReplyPrivate::parseHeader + auto lastHeader = m_headers.end(); while (!headerLine.isEmpty()) { - const QStringList headerField = headerLine.split(QStringLiteral(": "), - QString::SkipEmptyParts); - if (Q_UNLIKELY(headerField.length() < 2)) { - clear(); - return; + if (headerLine.startsWith(QLatin1Char(' ')) || headerLine.startsWith(QLatin1Char('\t'))) { + // continuation line -- add this to the last header field + if (Q_UNLIKELY(lastHeader == m_headers.end())) { + clear(); + return; + } + lastHeader.value().append(QLatin1Char(' ')); + lastHeader.value().append(headerLine.trimmed()); + } else { + int colonPos = headerLine.indexOf(QLatin1Char(':')); + if (Q_UNLIKELY(colonPos <= 0)) { + clear(); + return; + } + lastHeader = m_headers.insertMulti(headerLine.left(colonPos).trimmed().toLower(), + headerLine.mid(colonPos + 1).trimmed()); } - m_headers.insertMulti(headerField.at(0).toLower(), headerField.at(1)); if (m_headers.size() > maxHeaders) { clear(); return; |