Overview
| Artifact ID: | 74815fb87ebcc954f25696b108805293bc8a19a4 |
|---|---|
| Ticket: | 561c505d9760b278249fb814587c1b5b92395dc8
WebSocket headers not correctly checked |
| User & Date: | anonymous 2015-04-16 08:16:12 |
Changes
- assignee changed to: "nobody"
- closer changed to: "nobody"
- cmimetype changed to: "text/plain"
- comment changed to:
Requests were being (incorrectly) processed without checking whether they include the Upgrade and Connect headers. The following patch solves the issue. commit 559a6dbc8a2bad39a3363d994237cc92 Author: Adrián Medraño Calvo <[email protected]> Date: Thu Apr 16 10:10:35 2015 +0200 [ws]: Ensure WebSocket headers are present Requests were (incorrectly) processed without checking whether they include the Upgrade and Connect headers. The following patch solves the issue. diff --git a/src/websocket.tcl b/src/websocket.tcl index 6d60537..a9e0624 100644 --- a/src/websocket.tcl +++ b/src/websocket.tcl @@ -431,8 +431,17 @@ } dict lappend res protocols {*}$protocols; } + default { + # Ignore other headers. + } } } + if {!$upgrading} { + ThrowError "No 'Connect' header with 'upgrade' token found" HANDSHAKE CONNECTION + } + if {!$websocket} { + ThrowError "No 'Upgrade' header with 'websocket' token found" HANDSHAKE UPGRADE + } if {![dict exists $res version]} { ThrowError "No WebSocket version specified" HANDSHAKE VERSION }
- foundin changed to: "1.4"
- is_private changed to: "0"
- login: "anonymous"
- priority changed to: "5 Medium"
- private_contact changed to: "7e3820ed81064cf9306d34dd9be1633e66f1a08b"
- resolution changed to: "None"
- severity changed to: "Severe"
- status changed to: "Open"
- submitter changed to: "anonymous"
- subsystem changed to: "websocket"
- title changed to: "WebSocket headers not correctly checked"
- type changed to: "Bug"