Auto merge of #9400 - jmr0:websocket, r=nox
Fixing websocket subprotocol header validation.

This takes care of https://github.com/servo/servo/issues/9034

Review on Reviewable: https://reviewable.io/reviews/servo/servo/9400
commit
e74021baaa
7 changed files with 109 additions and 38 deletions
|
@ -11,6 +11,7 @@ use std::ops;
|
|||
use std::str;
|
||||
use std::str::FromStr;
|
||||
use util::mem::HeapSizeOf;
|
||||
use util::str::is_token;
|
||||
|
||||
/// Encapsulates the IDL `ByteString` type.
|
||||
#[derive(JSTraceable, Clone, Eq, PartialEq, HeapSizeOf)]
|
||||
|
@ -49,35 +50,7 @@ impl ByteString {
|
|||
/// [RFC 2616](http://tools.ietf.org/html/rfc2616#page-17).
|
||||
pub fn is_token(&self) -> bool {
|
||||
let ByteString(ref vec) = *self;
|
||||
if vec.is_empty() {
|
||||
return false; // A token must be at least a single character
|
||||
}
|
||||
vec.iter().all(|&x| {
|
||||
// http://tools.ietf.org/html/rfc2616#section-2.2
|
||||
match x {
|
||||
0...31 | 127 => false, // CTLs
|
||||
40 |
|
||||
41 |
|
||||
60 |
|
||||
62 |
|
||||
64 |
|
||||
44 |
|
||||
59 |
|
||||
58 |
|
||||
92 |
|
||||
34 |
|
||||
47 |
|
||||
91 |
|
||||
93 |
|
||||
63 |
|
||||
61 |
|
||||
123 |
|
||||
125 |
|
||||
32 => false, // separators
|
||||
x if x > 127 => false, // non-CHARs
|
||||
_ => true,
|
||||
}
|
||||
})
|
||||
is_token(vec)
|
||||
}
|
||||
|
||||
/// Returns whether `self` is a `field-value`, as defined by
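Review bot: `ByteString::is_token` now depends entirely on `util::str::is_token` to reject the empty string, control bytes, separators and bytes above 127, and that helper's body is not visible in this file section. The hunk header (35 old lines, 7 new) indicates the explicit `vec.is_empty()` guard was removed here. The WebSocket constructor hunk later in this commit appears to drop its own `protocol.is_empty()` check in the same way, so both callers rely on the helper for the empty case. I would state that contract in the method's doc comment, for example `/// An empty string is not a token; the check is delegated to util::str::is_token.`, and pin it with a unit test on the helper that passes an empty slice. The `impl ByteString` block starts and ends outside the hunk.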
|
||||
|
|
|
@ -36,11 +36,12 @@ use net_traits::unwrap_websocket_protocol;
|
|||
use net_traits::{WebSocketCommunicate, WebSocketConnectData, WebSocketDomAction, WebSocketNetworkEvent};
|
||||
use script_thread::ScriptThreadEventCategory::WebSocketEvent;
|
||||
use script_thread::{CommonScriptMsg, Runnable, ScriptChan};
|
||||
use std::ascii::AsciiExt;
|
||||
use std::borrow::ToOwned;
|
||||
use std::cell::Cell;
|
||||
use std::ptr;
|
||||
use std::thread;
|
||||
use util::str::DOMString;
|
||||
use util::str::{DOMString, is_token};
|
||||
use websocket::client::request::Url;
|
||||
use websocket::header::{Headers, WebSocketProtocol};
|
||||
use websocket::ws::util::url::parse_url;
|
||||
|
@ -220,17 +221,13 @@ impl WebSocket {
|
|||
for (i, protocol) in protocols.iter().enumerate() {
|
||||
// https://tools.ietf.org/html/rfc6455#section-4.1
|
||||
// Handshake requirements, step 10
|
||||
if protocol.is_empty() {
|
||||
|
||||
if protocols[i + 1..].iter().any(|p| p.eq_ignore_ascii_case(protocol)) {
|
||||
return Err(Error::Syntax);
|
||||
}
|
||||
|
||||
if protocols[i + 1..].iter().any(|p| p == protocol) {
|
||||
return Err(Error::Syntax);
|
||||
}
|
||||
|
||||
// TODO: also check that no separator characters are used
|
||||
// https://tools.ietf.org/html/rfc6455#section-4.1
|
||||
if protocol.chars().any(|c| c < '\u{0021}' || c > '\u{007E}') {
|
||||
if !is_token(protocol.as_bytes()) {
|
||||
return Err(Error::Syntax);
|
||||
}
|
||||
}
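Review bot: The bare RFC 6455 link left above `if !is_token(protocol.as_bytes())` no longer says which requirement is enforced, because the TODO about separator characters and the explicit U+0021..U+007E range test that used to explain it appear to be gone. A one-line comment would keep the validation rule readable at the call site, for example `// Each protocol must be a non-empty RFC 2616 token: visible ASCII only, no separators.` The duplicate check also seems to have changed from `p == protocol` to `eq_ignore_ascii_case`, so its comment should say that uniqueness is compared ASCII case-insensitively. The enclosing function starts and ends outside the hunk.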
|
||||
|
|