extern/KasmVNC
1
0
Fork 0
mirror of https://github.com/kasmtech/KasmVNC.git synced 2025-06-27 05:01:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update websocket.c

Browse Source 
Host header, Connection, and Authorization header should not be case sensitive
This commit is contained in:
Nathan Wagner 2025-02-15 18:32:52 -05:00 committed by GitHub
parent 5ea11df3c0
commit 2a2fe63503
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
common/network/websocket.c
View File

@ -644,7 +644,7 @@ int parse_handshake(ws_ctx_t *ws_ctx, char *handshake) {
strncpy(headers->path, start, end-start); strncpy(headers->path, start, end-start);
headers->path[end-start] = '\0'; headers->path[end-start] = '\0';
start = strstr(handshake, "\r\nHost: "); start = strcasestr(handshake, "\r\nHost: ");
if (!start) { err("missing Host header"); return 0; } if (!start) { err("missing Host header"); return 0; }
start += 8; start += 8;
end = strstr(start, "\r\n"); end = strstr(start, "\r\n");
@ -681,7 +681,7 @@ int parse_handshake(ws_ctx_t *ws_ctx, char *handshake) {
strncpy(headers->key1, start, end-start); strncpy(headers->key1, start, end-start);
headers->key1[end-start] = '\0'; headers->key1[end-start] = '\0';
start = strstr(handshake, "\r\nConnection: "); start = strcasestr(handshake, "\r\nConnection: ");
if (!start) { err("missing Connection header"); return 0; } if (!start) { err("missing Connection header"); return 0; }
start += 14; start += 14;
end = strstr(start, "\r\n"); end = strstr(start, "\r\n");
@ -1883,7 +1883,7 @@ ws_ctx_t *do_handshake(int sock, char * const ip) {
unsigned char owner = 0; unsigned char owner = 0;
char inuser[USERNAME_LEN] = "-"; char inuser[USERNAME_LEN] = "-";
if (!settings.disablebasicauth) { if (!settings.disablebasicauth) {
const char *hdr = strstr(handshake, "Authorization: Basic "); const char *hdr = strcasestr(handshake, "Authorization: Basic ");
if (!hdr) { if (!hdr) {
bl_addFailure(ip); bl_addFailure(ip);
wserr("Authentication attempt failed, BasicAuth required, but client didn't send any\n"); wserr("Authentication attempt failed, BasicAuth required, but client didn't send any\n");