fix(transport_ws): Reject multiple Sec-WebSocket-Accept headers

Enforce RFC6455 requirement:
    The |Sec-WebSocket-Accept| header MUST NOT
    appear more than once in an HTTP response.
Richard Allen
2025-06-26 09:26:48 -05:00
committed by glmfe
parent eaa552f0fc
commit ec09815ed5


@@ -324,6 +324,11 @@ static int ws_connect(esp_transport_handle_t t, const char *host, int port, int
size_t header_sec_websocket_accept_len = strlen(header_sec_websocket_accept);
if (line_len >= header_sec_websocket_accept_len && !strncasecmp(header_cursor, header_sec_websocket_accept, header_sec_websocket_accept_len)) {
ESP_LOGD(TAG, "found server-key");
if(server_key || server_key_len){
// RFC6455: The |Sec-WebSocket-Accept| header MUST NOT appear more than once in an HTTP response.
ESP_LOGE(TAG, "Multiple Sec-WebSocket-Accept headers");
return -1;
}
server_key = header_cursor + header_sec_websocket_accept_len;
server_key_len = line_len - header_sec_websocket_accept_len;
}
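Review bot: The duplicate check at `if(server_key || server_key_len){` is only sound if `server_key` and `server_key_len` are reset to NULL/0 before the header loop and if `header_sec_websocket_accept` includes the trailing `:` delimiter; neither is visible in this hunk. Because the match is a prefix-only `strncasecmp`, a constant without the colon would let any header whose name merely starts with the same text count as a second occurrence, so a valid handshake would now be rejected where the value was previously just overwritten. The bare `return -1;` bypasses whatever cleanup ws_connect may do on its other error paths (the function starts and ends outside the hunk), so it is worth confirming this exit matches them. For style, the condition would read consistently with the surrounding code as `if (server_key || server_key_len) {`.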