Commit abbd44e2 authored by Deomid Ryabkov's avatar Deomid Ryabkov Committed by Cesanta Bot

Fix WS handshake nonce generation

PUBLISHED_FROM=ae8d436db9aee9aec7b5ac1cbee6bc4e32d8c6cf
parent 13e80e6b
...@@ -5228,11 +5228,14 @@ void mg_set_protocol_http_websocket(struct mg_connection *nc) { ...@@ -5228,11 +5228,14 @@ void mg_set_protocol_http_websocket(struct mg_connection *nc) {
void mg_send_websocket_handshake2(struct mg_connection *nc, const char *path, void mg_send_websocket_handshake2(struct mg_connection *nc, const char *path,
const char *host, const char *protocol, const char *host, const char *protocol,
const char *extra_headers) { const char *extra_headers) {
/* pretty poor source of randomness, TODO fix */ char key[25];
unsigned long random = (unsigned long) (uintptr_t) path; uint32_t nonce[4];
char key[sizeof(random) * 3]; nonce[0] = mg_ws_random_mask();
nonce[1] = mg_ws_random_mask();
nonce[2] = mg_ws_random_mask();
nonce[3] = mg_ws_random_mask();
mg_base64_encode((unsigned char *) &nonce, sizeof(nonce), key);
mg_base64_encode((unsigned char *) &random, sizeof(random), key);
mg_printf(nc, mg_printf(nc,
"GET %s HTTP/1.1\r\n" "GET %s HTTP/1.1\r\n"
"Upgrade: websocket\r\n" "Upgrade: websocket\r\n"
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment