fix(ws_transport): fixed server-key corruption

When first fragment is sent over HTTP during websocket
connection, defer buffering of fragment until after the
websocket server-key is validated.

This order is required because the first fragment buffering
overwrites the memory holding the server-key headers.

Fixes 2267d4b
Fixes https://github.com/espressif/esp-protocols/issues/396
PR https://github.com/espressif/esp-idf/pull/13724
This commit is contained in:
Richard Allen 2024-04-22 08:34:44 -05:00 committed by Suren Gabrielyan
parent 09dd046ba1
commit 10a2c2ccc9

View File

@ -307,20 +307,6 @@ static int ws_connect(esp_transport_handle_t t, const char *host, int port, int
return -1;
}
if (delim_ptr != NULL) {
size_t delim_pos = delim_ptr - ws->buffer + sizeof(delimiter) - 1;
size_t remaining_len = ws->buffer_len - delim_pos;
if (remaining_len > 0) {
memmove(ws->buffer, ws->buffer + delim_pos, remaining_len);
ws->buffer_len = remaining_len;
} else {
#ifdef CONFIG_WS_DYNAMIC_BUFFER
free(ws->buffer);
ws->buffer = NULL;
#endif
ws->buffer_len = 0;
}
}
// See esp_crypto_sha1() arg size
unsigned char expected_server_sha1[20];
// Size of base64 coded string see above
@ -340,6 +326,22 @@ static int ws_connect(esp_transport_handle_t t, const char *host, int port, int
ESP_LOGE(TAG, "Invalid websocket key");
return -1;
}
if (delim_ptr != NULL) {
size_t delim_pos = delim_ptr - ws->buffer + sizeof(delimiter) - 1;
size_t remaining_len = ws->buffer_len - delim_pos;
if (remaining_len > 0) {
memmove(ws->buffer, ws->buffer + delim_pos, remaining_len);
ws->buffer_len = remaining_len;
} else {
#ifdef CONFIG_WS_DYNAMIC_BUFFER
free(ws->buffer);
ws->buffer = NULL;
#endif
ws->buffer_len = 0;
}
}
return 0;
}