espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-10-02 10:00:57 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'contrib/github_pr_16199' into 'master'

Browse Source 
Fix/ws transport reject multisec (GitHub PR)

Closes IDFGH-15569

See merge request espressif/esp-idf!41873
This commit is contained in:
Guilherme Ferreira
2025-09-18 06:37:06 +08:00
parent 5c5eb99eab ec09815ed5
commit 54b5210584
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
components/tcp_transport/transport_ws.c
View File

@@ -324,6 +324,11 @@ static int ws_connect(esp_transport_handle_t t, const char *host, int port, int
size_t header_sec_websocket_accept_len = strlen(header_sec_websocket_accept); size_t header_sec_websocket_accept_len = strlen(header_sec_websocket_accept);
if (line_len >= header_sec_websocket_accept_len && !strncasecmp(header_cursor, header_sec_websocket_accept, header_sec_websocket_accept_len)) { if (line_len >= header_sec_websocket_accept_len && !strncasecmp(header_cursor, header_sec_websocket_accept, header_sec_websocket_accept_len)) {
ESP_LOGD(TAG, "found server-key"); ESP_LOGD(TAG, "found server-key");
if(server_key || server_key_len){
// RFC6455: The |Sec-WebSocket-Accept| header MUST NOT appear more than once in an HTTP response.
ESP_LOGE(TAG, "Multiple Sec-WebSocket-Accept headers");
return -1;
}
server_key = header_cursor + header_sec_websocket_accept_len; server_key = header_cursor + header_sec_websocket_accept_len;
server_key_len = line_len - header_sec_websocket_accept_len; server_key_len = line_len - header_sec_websocket_accept_len;
} }