kore

An easy to use, scalable and secure web application framework for writing web APIs in C.
git clone https://git.kore.io/kore.git

commit 36d603ea67332fff2a0aed5c7a2dea37ac77f660
parent fa78d249481d4a640f45c6bb951bee4eb77a3974
Author: Joris Vink <joris@coders.se>
Date:   Wed, 10 Jul 2013 10:37:37 +0200

When negotiating the protocol to be used using the NPN extension keep in mind that http/1.1 can be given there as well. (Googlebot does this, and thus couldn't access Kore sites).

On top of that be extra careful with how many bytes we memcmp() if we receive data from the NPN extension.

This fix makes googlebot and anybody negotiating http/1.1 over NPN properly.

Diffstat:
src/connection.c | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/src/connection.c b/src/connection.c @@ -14,6 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#include <sys/param.h> #include <sys/socket.h> #include <fcntl.h> @@ -123,13 +124,19 @@ kore_connection_handle(struct connection *c) SSL_get0_next_proto_negotiated(c->ssl, &data, &len); if (data) { - if (!memcmp(data, "spdy/3", 6)) - kore_debug("using SPDY/3"); - c->proto = CONN_PROTO_SPDY; - net_recv_queue(c, SPDY_FRAME_SIZE, 0, - NULL, spdy_frame_recv); + if (!memcmp(data, "spdy/3", MIN(6, len))) { + c->proto = CONN_PROTO_SPDY; + net_recv_queue(c, SPDY_FRAME_SIZE, 0, + NULL, spdy_frame_recv); + } else if (!memcmp(data, "http/1.1", MIN(8, len))) { + c->proto = CONN_PROTO_HTTP; + net_recv_queue(c, HTTP_HEADER_MAX_LEN, + NETBUF_CALL_CB_ALWAYS, NULL, + http_header_recv); + } else { + kore_debug("npn: received unknown protocol"); + } } else { - kore_debug("using HTTP/1.1"); c->proto = CONN_PROTO_HTTP; net_recv_queue(c, HTTP_HEADER_MAX_LEN, NETBUF_CALL_CB_ALWAYS, NULL,
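
Review bot: in the second hunk (kore_connection_handle), `memcmp(data, "spdy/3", MIN(6, len))` and `memcmp(data, "http/1.1", MIN(8, len))` bound the read but turn the check into a prefix match rather than an equality test. A value shorter than the literal that is a prefix of it compares equal (a len of 0 would compare nothing and return 0, taking the SPDY branch), and a longer value that merely starts with "spdy/3" also selects SPDY because only the first 6 bytes are compared. Test the length first, for example `if (len == 6 && !memcmp(data, "spdy/3", 6))` and `else if (len == 8 && !memcmp(data, "http/1.1", 8))`, which also removes the need for MIN() and the `<sys/param.h>` include added in the first hunk. Separately, the new final `else` only calls kore_debug(): c->proto is not assigned and no net_recv_queue() is set up on that path, so it should state explicitly whether an unknown NPN value falls back to HTTP or the connection is dropped.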