Make HTTP header parsing RFC-compliant

All this home-grown parsing should be replaced with code from the qhttp* classes. This would result in a big refactoring though, so this commit at least tries to make the header parsing RFC compliant and not choke on perfectly legal "Header:Value" messages. Change-Id: I14303610dc7187b8d8595568fb221c18e4e0d515 Reviewed-by: Edward Welbourne <edward.welbourne@qt.io> Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
author: Robert Griebl <robert.griebl@pelagicore.com> 2017-11-25 02:14:03 +0100
committer: Robert Griebl <robert.griebl@pelagicore.com> 2017-11-28 11:08:16 +0000
commit: 704174bcc9f445cdf9d471acfa380bec6feb3576 (patch)
tree: 89db9ec2e7e76758421592a0ab5af23d8ed3de96 /src
parent: 534ed7ddbe86c58dc7d59c5c693b027ed8f18737 (diff)
download: qtwebsockets-704174bcc9f445cdf9d471acfa380bec6feb3576.tar.gz
2 files changed, 41 insertions, 13 deletions
diff --git a/src/websockets/qwebsocket_p.cpp b/src/websockets/qwebsocket_p.cpp
index 1cfa106..9b29114 100644
--- a/src/websockets/qwebsocket_p.cpp
+++ b/src/websockets/qwebsocket_p.cpp
@@ -964,17 +964,32 @@ void QWebSocketPrivate::processHandshake(QTcpSocket *pSocket)
         }
         m_handshakeState = ReadingHeaderState;
         Q_FALLTHROUGH();
-    case ReadingHeaderState:
+    case ReadingHeaderState: {
+        // TODO: this should really use the existing code from QHttpNetworkReplyPrivate::parseHeader
+        auto lastHeader = m_headers.end();
         while (pSocket->canReadLine()) {
             QString headerLine = readLine(pSocket);
-            const QStringList headerField = headerLine.split(QStringLiteral(": "),
-                                                             QString::SkipEmptyParts);
-            if (headerField.size() == 2) {
-                m_headers.insertMulti(headerField[0].toLower(), headerField[1]);
-            }
-            if (headerField.isEmpty()) {
+
+            if (headerLine.isEmpty()) {
+                // end of headers
                 m_handshakeState = ParsingHeaderState;
                 break;
+            } else if (headerLine.startsWith(QLatin1Char(' ')) || headerLine.startsWith(QLatin1Char('\t'))) {
+                // continuation line -- add this to the last header field
+                if (Q_UNLIKELY(lastHeader == m_headers.end())) {
+                    errorDescription = QWebSocket::tr("Malformed header in response: %1.").arg(headerLine);
+                    break;
+                }
+                lastHeader.value().append(QLatin1Char(' '));
+                lastHeader.value().append(headerLine.trimmed());
+            } else {
+                int colonPos = headerLine.indexOf(QLatin1Char(':'));
+                if (Q_UNLIKELY(colonPos <= 0)) {
+                    errorDescription = QWebSocket::tr("Malformed header in response: %1.").arg(headerLine);
+                    break;
+                }
+                lastHeader = m_headers.insertMulti(headerLine.left(colonPos).trimmed().toLower(),
+                                                   headerLine.mid(colonPos + 1).trimmed());
             }
         }
 
@@ -986,6 +1001,7 @@ void QWebSocketPrivate::processHandshake(QTcpSocket *pSocket)
             return;
         }
         Q_FALLTHROUGH();
+    }
     case ParsingHeaderState: {
         const QString acceptKey = m_headers.value(QStringLiteral("sec-websocket-accept"), QString());
         const QString upgrade = m_headers.value(QStringLiteral("upgrade"), QString());
diff --git a/src/websockets/qwebsockethandshakerequest.cpp b/src/websockets/qwebsockethandshakerequest.cpp
index e6a626c..bfc8a3d 100644
--- a/src/websockets/qwebsockethandshakerequest.cpp
+++ b/src/websockets/qwebsockethandshakerequest.cpp
@@ -251,14 +251,26 @@ void QWebSocketHandshakeRequest::readHandshake(QTextStream &textStream, int maxH
         return;
     }
     m_headers.clear();
+    // TODO: this should really use the existing code from QHttpNetworkReplyPrivate::parseHeader
+    auto lastHeader = m_headers.end();
     while (!headerLine.isEmpty()) {
-        const QStringList headerField = headerLine.split(QStringLiteral(": "),
-                                                         QString::SkipEmptyParts);
-        if (Q_UNLIKELY(headerField.length() < 2)) {
-            clear();
-            return;
+        if (headerLine.startsWith(QLatin1Char(' ')) || headerLine.startsWith(QLatin1Char('\t'))) {
+            // continuation line -- add this to the last header field
+            if (Q_UNLIKELY(lastHeader == m_headers.end())) {
+                clear();
+                return;
+            }
+            lastHeader.value().append(QLatin1Char(' '));
+            lastHeader.value().append(headerLine.trimmed());
+        } else {
+            int colonPos = headerLine.indexOf(QLatin1Char(':'));
+            if (Q_UNLIKELY(colonPos <= 0)) {
+               clear();
+               return;
+            }
+            lastHeader = m_headers.insertMulti(headerLine.left(colonPos).trimmed().toLower(),
+                                               headerLine.mid(colonPos + 1).trimmed());
         }
-        m_headers.insertMulti(headerField.at(0).toLower(), headerField.at(1));
         if (m_headers.size() > maxHeaders) {
             clear();
             return;
author	Robert Griebl <robert.griebl@pelagicore.com>	2017-11-25 02:14:03 +0100
committer	Robert Griebl <robert.griebl@pelagicore.com>	2017-11-28 11:08:16 +0000
commit	704174bcc9f445cdf9d471acfa380bec6feb3576 (patch)
tree	89db9ec2e7e76758421592a0ab5af23d8ed3de96 /src
parent	534ed7ddbe86c58dc7d59c5c693b027ed8f18737 (diff)
download	qtwebsockets-704174bcc9f445cdf9d471acfa380bec6feb3576.tar.gz