From: Daniel Stenberg Date: Fri, 25 Apr 2025 21:36:05 +0000 (+0200) Subject: ws: fix the header replace check X-Git-Tag: curl-8_14_0~201 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=991c30d0d647851560daf64faccc46f06d07e5f7;p=thirdparty%2Fcurl.git ws: fix the header replace check It passed in the wrong header length to the check function, which made it do duplicated headers in cases where the user provides its own set. Reported-by: sbernatsky on github Fixes #17170 Closes #17194 Closes #16178 --- diff --git a/lib/ws.c b/lib/ws.c index 3fb1d6edad..339bf544c5 100644 --- a/lib/ws.c +++ b/lib/ws.c @@ -778,18 +778,18 @@ CURLcode Curl_ws_request(struct Curl_easy *data, struct dynbuf *req) { /* The request MUST contain an |Upgrade| header field whose value MUST include the "websocket" keyword. */ - "Upgrade:", "websocket" + "Upgrade", "websocket" }, { /* The request MUST contain a |Connection| header field whose value MUST include the "Upgrade" token. */ - "Connection:", "Upgrade", + "Connection", "Upgrade", }, { /* The request MUST include a header field with the name |Sec-WebSocket-Version|. The value of this header field MUST be 13. */ - "Sec-WebSocket-Version:", "13", + "Sec-WebSocket-Version", "13", }, { /* The request MUST include a header field with the name @@ -797,7 +797,7 @@ CURLcode Curl_ws_request(struct Curl_easy *data, struct dynbuf *req) consisting of a randomly selected 16-byte value that has been base64-encoded (see Section 4 of [RFC4648]). The nonce MUST be selected randomly for each connection. */ - "Sec-WebSocket-Key:", NULL, + "Sec-WebSocket-Key", NULL, } }; heads[3].val = &keyval[0]; 
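Review bot: The `heads[]` entries now hold bare field names, but nothing at the table says that the `: ` separator is supplied by the `Curl_dyn_addf()` format string later in `Curl_ws_request()`. A one-line comment above the initializer would stop a later edit from re-adding the colon and breaking the duplicate check again, e.g. `/* field names without the trailing colon; ": " is added when the header is written */`. The same applies to the `Sec-WebSocket-Key` entry changed in the `@@ -797` hunk. The array declaration starts outside this hunk, so the comment belongs just above the visible lines.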
@@ -817,8 +817,8 @@ CURLcode Curl_ws_request(struct Curl_easy *data, struct dynbuf *req)
 strcpy(keyval, randstr);
 free(randstr);
 for(i = 0; !result && (i < CURL_ARRAYSIZE(heads)); i++) {
- if(!Curl_checkheaders(data, STRCONST(heads[i].name))) {
- result = Curl_dyn_addf(req, "%s %s\r\n", heads[i].name,
+ if(!Curl_checkheaders(data, heads[i].name, strlen(heads[i].name))) {
+ result = Curl_dyn_addf(req, "%s: %s\r\n", heads[i].name,
 heads[i].val);
 }
 }
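Review bot: The lookup `Curl_checkheaders(data, heads[i].name, strlen(heads[i].name))` now passes a name with no trailing colon, so it is only an exact-name match if `Curl_checkheaders()` requires a separator right after the compared bytes. That function is not part of this patch; if it compares only the prefix, an application header whose name merely begins with `Connection` or `Upgrade` would suppress a mandatory handshake field. A comment at the call would record the reliance, e.g. `/* relies on Curl_checkheaders() matching the whole field name, not a prefix */`. No regression test is visible in this patch; one covering a user-supplied `Upgrade` or `Sec-WebSocket-Key` header would pin the no-duplicate behaviour. The loop's enclosing function starts and ends outside the hunk.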