[Libwebsockets] unknown headers considered dangerous

Danomi Czaski djczaski at gmail.com
Fri May 15 22:30:20 CEST 2015


My libwebsocket client isn't able to connect to a websocket server
based upon Microsoft IIS. The first problem I hit is a parser error
because the server returns additional response headers ("X-*") that
aren't known to libwebsocket.

    Cache-Control:private
    Connection:Upgrade
    Date:Fri, 15 May 2015 15:11:29 GMT
    Sec-WebSocket-Accept:CVB5IoipLn3LKyulNQ1H2Ox4sC4=
    Server:Microsoft-IIS/8.0
    Upgrade:Websocket
    X-AspNet-Version:4.0.30319
    X-Powered-By:ASP.NET
    X-SourceFiles:=?UTF-8?B?QzpccHJvamVjdHNcQXBwc1xXZWJTb2NrZXRTZXJ2ZXJUZXN0XFdlYlNvY2tldFNlcnZlclxhcGlcZGV2aWNlXA==?=

Is there a reason for considering unknown headers so dangerous rather
than just ignoring them? The patch is simple enough, but I'd hate to
have to patch libwebsocket for this. Is this something that could be
added?

    $ git diff lib/parsers.c
    diff --git a/lib/parsers.c b/lib/parsers.c
    index 954eeaa..54a90aa 100644
    --- a/lib/parsers.c
    +++ b/lib/parsers.c
    @@ -424,7 +424,7 @@ swallow:

                            if (m == ARRAY_SIZE(methods)) {
                                    lwsl_info("Unknown method - dropping\n");
    -                               return -1;
    +                               wsi->u.hdr.parser_state =
WSI_TOKEN_SKIPPING;
                            }
                            break;
                    }



More information about the Libwebsockets mailing list