1. 28 Feb, 2017 2 commits
    • Daniel P. Berrange's avatar
      io: fully parse & validate HTTP headers for websocket protocol handshake · 07e95cd5
      Daniel P. Berrange authored
      The current websockets protocol handshake code is very relaxed, just
      doing crude string searching across the HTTP header data. This causes
      it to both reject valid connections and fail to reject invalid
      connections. For example, according to the RFC 6455 it:
      
       - MUST reject any method other than "GET"
       - MUST reject any HTTP version less than "HTTP/1.1"
       - MUST reject Connection header without "Upgrade" listed
       - MUST reject Upgrade header which is not 'websocket'
       - MUST reject missing Host header
       - MUST treat HTTP header names as case insensitive
      
      To do all this validation correctly requires that we fully parse the
      HTTP headers, populating a data structure containing the header
      fields.
      
      After this change, we also reject any path other than '/'
      Signed-off-by: 's avatarDaniel P. Berrange <berrange@redhat.com>
      07e95cd5
    • Daniel P. Berrange's avatar
      io: fix decoding when multiple websockets frames arrive at once · cd892a2e
      Daniel P. Berrange authored
      The qio_channel_websock_read_wire() method will read upto 4096
      bytes off the socket and then decode the websockets header and
      payload. The code was only decoding a single websockets frame,
      even if the buffered data contained multiple frames. This meant
      that decoding of subsequent frames was delayed until further
      input arrived on the socket. This backlog of delayed frames
      gets worse & worse over time.
      
      Symptom was that when connecting to the VNC server via the
      built-in websockets server, mouse/keyboard interaction would
      start out fine, but slowly get more & more delayed until it
      was unusable.
      Signed-off-by: 's avatarDaniel P. Berrange <berrange@redhat.com>
      cd892a2e
  2. 23 Jan, 2017 1 commit
  3. 26 Oct, 2016 2 commits
  4. 03 Aug, 2016 1 commit
  5. 19 May, 2016 1 commit
  6. 22 Mar, 2016 1 commit
    • Markus Armbruster's avatar
      include/qemu/osdep.h: Don't include qapi/error.h · da34e65c
      Markus Armbruster authored
      Commit 57cb38b3 included qapi/error.h into qemu/osdep.h to get the
      Error typedef.  Since then, we've moved to include qemu/osdep.h
      everywhere.  Its file comment explains: "To avoid getting into
      possible circular include dependencies, this file should not include
      any other QEMU headers, with the exceptions of config-host.h,
      compiler.h, os-posix.h and os-win32.h, all of which are doing a
      similar job to this file and are under similar constraints."
      qapi/error.h doesn't do a similar job, and it doesn't adhere to
      similar constraints: it includes qapi-types.h.  That's in excess of
      100KiB of crap most .c files don't actually need.
      
      Add the typedef to qemu/typedefs.h, and include that instead of
      qapi/error.h.  Include qapi/error.h in .c files that need it and don't
      get it now.  Include qapi-types.h in qom/object.h for uint16List.
      
      Update scripts/clean-includes accordingly.  Update it further to match
      reality: replace config.h by config-target.h, add sysemu/os-posix.h,
      sysemu/os-win32.h.  Update the list of includes in the qemu/osdep.h
      comment quoted above similarly.
      
      This reduces the number of objects depending on qapi/error.h from "all
      of them" to less than a third.  Unfortunately, the number depending on
      qapi-types.h shrinks only a little.  More work is needed for that one.
      Signed-off-by: 's avatarMarkus Armbruster <armbru@redhat.com>
      [Fix compilation without the spice devel packages. - Paolo]
      Signed-off-by: 's avatarPaolo Bonzini <pbonzini@redhat.com>
      da34e65c
  7. 04 Feb, 2016 1 commit
    • Peter Maydell's avatar
      io: Clean up includes · cae9fc56
      Peter Maydell authored
      Clean up includes so that osdep.h is included first and headers
      which it implies are not included manually.
      
      This commit was created with scripts/clean-includes.
      Signed-off-by: 's avatarPeter Maydell <peter.maydell@linaro.org>
      Message-id: 1454089805-5470-14-git-send-email-peter.maydell@linaro.org
      cae9fc56
  8. 18 Dec, 2015 1 commit