qemu/io
Daniel P. Berrange 07e95cd529 io: fully parse & validate HTTP headers for websocket protocol handshake
The current websockets protocol handshake code is very relaxed, just
doing crude string searching across the HTTP header data. This causes
it to both reject valid connections and fail to reject invalid
connections. For example, according to the RFC 6455 it:

 - MUST reject any method other than "GET"
 - MUST reject any HTTP version less than "HTTP/1.1"
 - MUST reject Connection header without "Upgrade" listed
 - MUST reject Upgrade header which is not 'websocket'
 - MUST reject missing Host header
 - MUST treat HTTP header names as case insensitive

To do all this validation correctly requires that we fully parse the
HTTP headers, populating a data structure containing the header
fields.

After this change, we also reject any path other than '/'

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-02-28 11:51:16 +00:00
..
Makefile.objs io: introduce a DNS resolver API 2017-01-23 15:32:46 +00:00
channel-buffer.c io: avoid double-free when closing QIOChannelBuffer 2016-05-26 11:31:09 +05:30
channel-command.c io: add methods to set I/O handlers on AioContext 2017-02-21 11:14:07 +00:00
channel-file.c io: add methods to set I/O handlers on AioContext 2017-02-21 11:14:07 +00:00
channel-socket.c io: add methods to set I/O handlers on AioContext 2017-02-21 11:14:07 +00:00
channel-tls.c io: add methods to set I/O handlers on AioContext 2017-02-21 11:14:07 +00:00
channel-util.c all: Clean up includes 2016-02-23 12:43:05 +00:00
channel-watch.c io: add methods to set I/O handlers on AioContext 2017-02-21 11:14:07 +00:00
channel-websock.c io: fully parse & validate HTTP headers for websocket protocol handshake 2017-02-28 11:51:16 +00:00
channel.c io: make qio_channel_yield aware of AioContexts 2017-02-21 11:14:07 +00:00
dns-resolver.c io: introduce a DNS resolver API 2017-01-23 15:32:46 +00:00
task.c io: fix possible double free of task error object 2017-01-26 10:26:18 +00:00
trace-events io: change the QIOTask callback signature 2017-01-23 15:32:18 +00:00