Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

src: make Sec-WebSocket-Key check case-insensitive #7248

Merged
merged 1 commit into from
Jun 14, 2016
Merged

src: make Sec-WebSocket-Key check case-insensitive #7248

merged 1 commit into from
Jun 14, 2016
+34 −3

Conversation

MylesBorins
Copy link
Contributor

Checklist
  • make -j4 test (UNIX) or vcbuild test nosign (Windows) passes
  • the commit message follows commit guidelines
Affected core subsystem(s)

src

Description of change

Current case sensitive comparison is breaking netty-based WS clients.

replace strncmp with strncasecmp

Fixes: #7247

@MylesBorins MylesBorins added c++ Issues and PRs that require attention from people who are familiar with C++. inspector Issues and PRs related to the V8 inspector protocol labels Jun 9, 2016
@MylesBorins MylesBorins mentioned this pull request Jun 9, 2016
Closed
@MylesBorins
Copy link
Contributor Author

MylesBorins commented Jun 9, 2016
edited
Loading

/cc @nodejs/diagnostics @ofrobots @develar

addaleax
addaleax reviewed Jun 9, 2016
View reviewed changes
src/inspector_socket.cc
@@ -445,7 +445,7 @@ static int header_value_cb(http_parser* parser, const char* at, size_t length) {
struct http_parsing_state_s* state = (struct http_parsing_state_s*)
(reinterpret_cast<inspector_socket_t*>(parser->data))->http_parsing_state;
state->parsing_value = true;
if (state->current_header && strncmp(state->current_header,
if (state->current_header && strncasecmp(state->current_header,
SEC_WEBSOCKET_KEY_HEADER,
sizeof(SEC_WEBSOCKET_KEY_HEADER)) == 0) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You may want to keep the arguments aligned here :-)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed. Needing to put things on a new line as the sizeof line was spilling over 80 characters

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry to be so nit-picky, but ideally the subsequent arguments of strncasecmp should start at the same column at which the first one does (basically like they were before)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

got it this time I think :P

@MylesBorins MylesBorins changed the title src: Make Sec-WebSocket-Key check case-insensitive src: make Sec-WebSocket-Key check case-insensitive Jun 9, 2016
@MylesBorins MylesBorins force-pushed the inspect-ws-case-insensitive branch from 9d97d5b to f3baec9 Compare June 9, 2016 16:35
@cjihrig
Copy link
Contributor

cjihrig commented Jun 9, 2016

LGTM pending @addaleax's comment.

@MylesBorins MylesBorins force-pushed the inspect-ws-case-insensitive branch from f3baec9 to 9611926 Compare June 9, 2016 16:38
bnoordhuis
bnoordhuis reviewed Jun 9, 2016
View reviewed changes
src/inspector_socket.cc
if (state->current_header &&
strncasecmp(state->current_header,
SEC_WEBSOCKET_KEY_HEADER,
sizeof(SEC_WEBSOCKET_KEY_HEADER)) == 0) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you add a version of StringEqualNoCase() that takes a size parameter and use that?

Style: arguments should line up here.

Copy link
Contributor Author

@MylesBorins MylesBorins Jun 9, 2016
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lining up the arguments pushes over 80 characters... what is the best way to deal with that?

edit: nvm got the line up... looking into StringEqualNoCase

@MylesBorins MylesBorins force-pushed the inspect-ws-case-insensitive branch from 9611926 to 8ee040e Compare June 9, 2016 17:04
@pavelfeldman
Copy link
Contributor

lgtm

@develar develar mentioned this pull request Jun 10, 2016
Closed
@MylesBorins MylesBorins force-pushed the inspect-ws-case-insensitive branch from 8ee040e to ffb8530 Compare June 10, 2016 19:43
@MylesBorins
Copy link
Contributor Author

updated based on @bnoordhuis' suggestions. PTAL

@ofrobots
Copy link
Contributor

@thealphanerd now that you have added StringEqualNoCaseN it would be good to add some tests in test/cctest/util.cc.

@MylesBorins MylesBorins force-pushed the inspect-ws-case-insensitive branch from ffb8530 to f7269c7 Compare June 10, 2016 22:33
@MylesBorins
Copy link
Contributor Author

MylesBorins commented Jun 10, 2016
edited
Loading

@ofrobots updated with test. Let me know if you would like some more cases
ci: https://ci.nodejs.org/job/node-test-pull-request/2981/

@MylesBorins MylesBorins force-pushed the inspect-ws-case-insensitive branch from f7269c7 to 071889c Compare June 10, 2016 22:35
ofrobots
ofrobots reviewed Jun 10, 2016
View reviewed changes
src/util-inl.h
for (int i = 0; i < length; i++) {
if (ToLower(a[i]) != ToLower(b[i]))
return false;
if (a[i] == '\0')
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we are guaranteed at this point that if a[i] is null, then b[i] is also null. I think you can simply return true if a[i] is null. The second if below can simply be dropped.

It would be good to add a test that compares: "abc\0abc" and "abc\0xyz". Your function should (already does) return true for this. This matches the semantics of strncmp.

@ofrobots
Copy link
Contributor

LGTM w/ comment.

@MylesBorins MylesBorins force-pushed the inspect-ws-case-insensitive branch from 071889c to 493e0ce Compare June 11, 2016 00:17
@MylesBorins
Copy link
Contributor Author

MylesBorins commented Jun 11, 2016
edited
Loading

Updated to address @ofrobots comments. PTAL

edit:

ci: https://ci.nodejs.org/job/node-test-pull-request/2985/

@MylesBorins MylesBorins force-pushed the inspect-ws-case-insensitive branch from 493e0ce to 263d9ef Compare June 11, 2016 00:19
bnoordhuis
bnoordhuis reviewed Jun 11, 2016
View reviewed changes
src/inspector_socket.cc
@@ -1,4 +1,5 @@
#include "inspector_socket.h"
#include "util-inl.h"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#include "util.h" first.

@MylesBorins MylesBorins force-pushed the inspect-ws-case-insensitive branch from 263d9ef to ec6604a Compare June 11, 2016 16:47
@MylesBorins
Copy link
Contributor Author

MylesBorins commented Jun 11, 2016
edited
Loading

Updated based on @bnoordhuis's suggestions PTAL

ci: https://ci.nodejs.org/job/node-test-pull-request/2990/

bnoordhuis
bnoordhuis reviewed Jun 11, 2016
View reviewed changes
src/util-inl.h
@@ -219,6 +219,16 @@ bool StringEqualNoCase(const char* a, const char* b) {
return false;
}

bool StringEqualNoCaseN(const char* a, const char* b, size_t length) {
for (int i = 0; i < length; i++) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

size_t

@bnoordhuis
Copy link
Member

LGTM with comment.

@MylesBorins MylesBorins force-pushed the inspect-ws-case-insensitive branch from ec6604a to f5c8dc6 Compare June 11, 2016 19:46
@MylesBorins
Copy link
Contributor Author

MylesBorins commented Jun 11, 2016
edited
Loading

updated PTAL

@MylesBorins
Copy link
Contributor Author

If there are no other concerns with this PR I will merge it tomorrow morning

@MylesBorins MylesBorins force-pushed the inspect-ws-case-insensitive branch from f5c8dc6 to 02fd124 Compare June 13, 2016 18:07
@MylesBorins
src: make Sec-WebSocket-Key check case-insensitive
f1d1071 
Current case sensitive comparison is breaking netty-based WS clients.

replace strncmp with strncasecmp

Fixes: nodejs#7247
PR-URL: nodejs#7248
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
@MylesBorins MylesBorins force-pushed the inspect-ws-case-insensitive branch from 02fd124 to f1d1071 Compare June 14, 2016 18:10
@MylesBorins MylesBorins merged commit f1d1071 into nodejs:master Jun 14, 2016
@MylesBorins MylesBorins added this to the 7.0.0 milestone Jun 14, 2016
@MylesBorins MylesBorins mentioned this pull request Jun 14, 2016
Closed
Fishrock123 pushed a commit that referenced this pull request Jul 5, 2016
@MylesBorins @Fishrock123
src: make Sec-WebSocket-Key check case-insensitive
3d69ad1 
Current case sensitive comparison is breaking netty-based WS clients.

replace strncmp with strncasecmp

Fixes: #7247
PR-URL: #7248
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
@Fishrock123 Fishrock123 mentioned this pull request Jul 5, 2016
Merged
@MylesBorins MylesBorins deleted the inspect-ws-case-insensitive branch July 8, 2016 14:53
@MylesBorins MylesBorins mentioned this pull request Jul 11, 2016
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
c++ Issues and PRs that require attention from people who are familiar with C++. inspector Issues and PRs related to the V8 inspector protocol
Projects
None yet
Milestone
7.0.0
7 participants
@MylesBorins @cjihrig @pavelfeldman @ofrobots @bnoordhuis @addaleax @Fishrock123