fix websocket header validation, ensure it meets token requirements, add

testing
This commit is contained in:
jmr0 2016-01-03 11:51:25 -05:00
parent 5b2d2c0ed8
commit 3846cf52f2
7 changed files with 109 additions and 38 deletions

View file

@ -11,6 +11,7 @@ use std::ops;
use std::str;
use std::str::FromStr;
use util::mem::HeapSizeOf;
use util::str::is_token;
/// Encapsulates the IDL `ByteString` type.
#[derive(JSTraceable, Clone, Eq, PartialEq, HeapSizeOf)]
@ -49,35 +50,7 @@ impl ByteString {
/// [RFC 2616](http://tools.ietf.org/html/rfc2616#page-17).
pub fn is_token(&self) -> bool {
let ByteString(ref vec) = *self;
if vec.is_empty() {
return false; // A token must be at least a single character
}
vec.iter().all(|&x| {
// http://tools.ietf.org/html/rfc2616#section-2.2
match x {
0...31 | 127 => false, // CTLs
40 |
41 |
60 |
62 |
64 |
44 |
59 |
58 |
92 |
34 |
47 |
91 |
93 |
63 |
61 |
123 |
125 |
32 => false, // separators
x if x > 127 => false, // non-CHARs
_ => true,
}
})
is_token(vec)
}
/// Returns whether `self` is a `field-value`, as defined by

View file

@ -34,11 +34,12 @@ use net_traits::unwrap_websocket_protocol;
use net_traits::{WebSocketCommunicate, WebSocketConnectData, WebSocketDomAction, WebSocketNetworkEvent};
use script_thread::ScriptThreadEventCategory::WebSocketEvent;
use script_thread::{CommonScriptMsg, Runnable, ScriptChan};
use std::ascii::AsciiExt;
use std::borrow::ToOwned;
use std::cell::Cell;
use std::ptr;
use std::thread;
use util::str::DOMString;
use util::str::{DOMString, is_token};
use websocket::client::request::Url;
use websocket::header::{Headers, WebSocketProtocol};
use websocket::ws::util::url::parse_url;
@ -218,17 +219,13 @@ impl WebSocket {
for (i, protocol) in protocols.iter().enumerate() {
// https://tools.ietf.org/html/rfc6455#section-4.1
// Handshake requirements, step 10
if protocol.is_empty() {
if protocols[i + 1..].iter().any(|p| p.eq_ignore_ascii_case(protocol)) {
return Err(Error::Syntax);
}
if protocols[i + 1..].iter().any(|p| p == protocol) {
return Err(Error::Syntax);
}
// TODO: also check that no separator characters are used
// https://tools.ietf.org/html/rfc6455#section-4.1
if protocol.chars().any(|c| c < '\u{0021}' || c > '\u{007E}') {
if !is_token(protocol.as_bytes()) {
return Err(Error::Syntax);
}
}