From 19b70adc70ca66cc862f3fd065e354af64b7b011 Mon Sep 17 00:00:00 2001 From: bel2125 Date: Sat, 30 Dec 2023 11:18:38 +0100 Subject: [PATCH] websocket client "magic" key should be random Fixes #1220 --- CREDITS.md | 1 + src/civetweb.c | 21 ++++++++++++++++++++- unittest/public_server.c | 2 +- 3 files changed, 22 insertions(+), 2 deletions(-) diff --git a/CREDITS.md b/CREDITS.md index fc98b637..f1e1d150 100644 --- a/CREDITS.md +++ b/CREDITS.md @@ -225,6 +225,7 @@ * Torben Jonas * Uilian Ries * Ulrich Hertlein +* videofan3d * Walt Steverson * wangli28 * webxer diff --git a/src/civetweb.c b/src/civetweb.c index 4cb8f485..be4f4cde 100644 --- a/src/civetweb.c +++ b/src/civetweb.c @@ -19243,6 +19243,24 @@ websocket_client_thread(void *data) #endif +#if defined(USE_WEBSOCKET) +static void +generate_websocket_magic(char *magic25) +{ + uint64_t rnd; + unsigned char buffer[2 * sizeof(rnd)]; + + rnd = get_random(); + memcpy(buffer, &rnd, sizeof(rnd)); + rnd = get_random(); + memcpy(buffer + sizeof(rnd), &rnd, sizeof(rnd)); + + size_t dst_len = 24 + 1; + mg_base64_encode(buffer, sizeof(buffer), magic25, &dst_len); +} +#endif + + static struct mg_connection * mg_connect_websocket_client_impl(const struct mg_client_options *client_options, int use_ssl, @@ -19259,7 +19277,8 @@ mg_connect_websocket_client_impl(const struct mg_client_options *client_options, #if defined(USE_WEBSOCKET) struct websocket_client_thread_data *thread_data; - static const char *magic = "x3JJHMbDL1EzLkh9GBhXDw=="; + char magic[32]; + generate_websocket_magic(magic); const char *host = client_options->host; int i; diff --git a/unittest/public_server.c b/unittest/public_server.c index 02bf5255..42625e66 100644 --- a/unittest/public_server.c +++ b/unittest/public_server.c @@ -1316,7 +1316,7 @@ START_TEST(test_request_handlers) char cmd_buf[1024]; char *cgi_env_opt; - const char *server_host = "test.domain"; + const char *server_host = "localhost"; //"test.domain"; mark_point();