From d943c8de94507a235e671464a9ce7dac1f030deb Mon Sep 17 00:00:00 2001 From: Jitin George Date: Tue, 12 Mar 2019 18:46:04 +0530 Subject: [PATCH] tcp_transport: Fix case sensitive header comparison Closes https://github.com/espressif/esp-idf/issues/3106 --- components/tcp_transport/CMakeLists.txt | 3 +- .../tcp_transport/transport_strcasestr.c | 57 +++++++++++++++++++ .../tcp_transport/transport_strcasestr.h | 38 +++++++++++++ components/tcp_transport/transport_ws.c | 4 +- 4 files changed, 99 insertions(+), 3 deletions(-) create mode 100644 components/tcp_transport/transport_strcasestr.c create mode 100644 components/tcp_transport/transport_strcasestr.h diff --git a/components/tcp_transport/CMakeLists.txt b/components/tcp_transport/CMakeLists.txt index e8125a726..9c2ef846b 100644 --- a/components/tcp_transport/CMakeLists.txt +++ b/components/tcp_transport/CMakeLists.txt @@ -2,7 +2,8 @@ set(COMPONENT_SRCS "transport.c" "transport_ssl.c" "transport_tcp.c" "transport_ws.c" - "transport_utils.c") + "transport_utils.c" + "transport_strcasestr.c") set(COMPONENT_ADD_INCLUDEDIRS "include") diff --git a/components/tcp_transport/transport_strcasestr.c b/components/tcp_transport/transport_strcasestr.c new file mode 100644 index 000000000..80551a4b3 --- /dev/null +++ b/components/tcp_transport/transport_strcasestr.c @@ -0,0 +1,57 @@ +/*- + * Copyright (c) 1990, 1993 + * The Regents of the University of California. All rights reserved. + * + * The quadratic code is derived from software contributed to Berkeley by + * Chris Torek. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ +/* Linear algorithm Copyright (C) 2008 Eric Blake + * Permission to use, copy, modify, and distribute the linear portion of + * software is freely granted, provided that this notice is preserved. + */ +#include "transport_strcasestr.h" +#include +#include + +char *transport_strcasestr(const char *buffer, const char *key) +{ + char c, sc; + size_t len; + + if ((c = *key++) != 0) { + c = tolower((unsigned char)c); + len = strlen(key); + do { + do { + if ((sc = *buffer++) == 0) + return (NULL); + } while ((char)tolower((unsigned char)sc) != c); + } while (strncasecmp(buffer, key, len) != 0); + buffer--; + } + return ((char *)buffer); +} diff --git a/components/tcp_transport/transport_strcasestr.h b/components/tcp_transport/transport_strcasestr.h new file mode 100644 index 000000000..e337d90d5 --- /dev/null +++ b/components/tcp_transport/transport_strcasestr.h @@ -0,0 +1,38 @@ +/*- + * Copyright (c) 1990, 1993 + * The Regents of the University of California. All rights reserved. + * + * The quadratic code is derived from software contributed to Berkeley by + * Chris Torek. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ +/* Linear algorithm Copyright (C) 2008 Eric Blake + * Permission to use, copy, modify, and distribute the linear portion of + * software is freely granted, provided that this notice is preserved. + */ + +char *transport_strcasestr(const char *buffer, const char *key); + diff --git a/components/tcp_transport/transport_ws.c b/components/tcp_transport/transport_ws.c index 55ea6d115..6480fb082 100644 --- a/components/tcp_transport/transport_ws.c +++ b/components/tcp_transport/transport_ws.c @@ -8,6 +8,7 @@ #include "esp_transport_tcp.h" #include "esp_transport_ws.h" #include "esp_transport_utils.h" +#include "transport_strcasestr.h" #include "mbedtls/base64.h" #include "mbedtls/sha1.h" @@ -60,10 +61,9 @@ static char *trimwhitespace(const char *str) return (char *)str; } - static char *get_http_header(const char *buffer, const char *key) { - char *found = strstr(buffer, key); + char *found = transport_strcasestr(buffer, key); if (found) { found += strlen(key); char *found_end = strstr(found, "\r\n");