Overview
Artifact ID: | 5548bad0c3ffda29264869cc20b326b4822ce404 |
---|---|
Ticket: | 5d23e45b0ec5a81e67aa1f492339a31e4c8b4ada
Websocket keys should not be wrapped |
User & Date: | anonymous 2014-09-22 15:38:26 |
Changes
- assignee changed to: "nobody"
- closer changed to: "nobody"
- cmimetype changed to: "text/plain"
- comment changed to:
::base64::encode defaults to line folding. Make sure WebSocket keys are not folded. -------- >8 -------- commit 4ed0887b50c262df6b1477d92b950d0be16943d6 Author: Adrián Medraño Calvo <[email protected]> Date: Mon Sep 22 17:35:00 2014 +0200 [ws]: Make sure not to wrap the WebSocket key diff --git a/src/websocket.tcl b/src/websocket.tcl index 6d60537..a9e0624 100644 --- a/src/websocket.tcl +++ b/src/websocket.tcl @@ -1434,7 +1434,7 @@ proc ::websocket::open { url handler args } { for { set i 0 } { $i < 4 } { incr i } { append OPEN(nonce) [binary format Iu [expr {int(rand()*4294967296)}]] } - set OPEN(nonce) [::base64::encode $OPEN(nonce)] + set OPEN(nonce) [::base64::encode -maxlen 0 $OPEN(nonce)] set HDR(Sec-WebSocket-Key) $OPEN(nonce) set HDR(Sec-WebSocket-Protocol) [join $protos ", "] set HDR(Sec-WebSocket-Version) $WS(ws_version) @@ -1652,7 +1652,7 @@ proc ::websocket::configure { sock args } { proc ::websocket::sec-websocket-accept { key } { variable WS set sec ${key}$WS(ws_magic) - return [::base64::encode [sha1::sha1 -bin $sec]] + return [::base64::encode -maxlen 0 [sha1::sha1 -bin $sec]] } # ::websocket::SplitCommaSeparated -- Extract elements from comma-separated headers
- is_private changed to: "0"
- login: "anonymous"
- priority changed to: "5 Medium"
- private_contact changed to: "139b1eaf5ce8aad0f86e2ad385566019220aa1cf"
- resolution changed to: "None"
- severity changed to: "Minor"
- status changed to: "Open"
- submitter changed to: "anonymous"
- subsystem changed to: "websocket"
- title changed to: "Websocket keys should not be wrapped"
- type changed to: "Bug"