From: Andy Green <andy@warmcat.com>
Date: Sat, 10 Dec 2016 01:14:37 +0000 (+0800)
Subject: ws-server: restrict returned Sec-Websocket-Protocol to the chosen name only
X-Git-Tag: accepted/tizen/3.0.m2/mobile/20170105.024727^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fheads%2Faccepted%2Ftizen_3.0_common;p=platform%2Fupstream%2Flibwebsockets.git

ws-server: restrict returned Sec-Websocket-Protocol to the chosen name only

https://libwebsockets.org/pipermail/libwebsockets/2016-November/002948.html

Updated to fix a problem with no protocol

https://github.com/warmcat/libwebsockets/issues/705

Change-Id: I06e9f9d5849e66291b246316008c6e2c5981a372
---

diff --git a/lib/server-handshake.c b/lib/server-handshake.c
index 7328e5e..ed257de 100644
--- a/lib/server-handshake.c
+++ b/lib/server-handshake.c
@@ -214,7 +214,12 @@ handshake_0405(struct lws_context *context, struct lws *wsi)
 	strcpy(p, (char *)pt->serv_buf);
 	p += accept_len;
 
-	if (wsi->protocol->name && wsi->protocol->name[0]) {
+	/* we can only return the protocol header if:
+	 *  - one came in, and ... */
+	if (lws_hdr_total_length(wsi, WSI_TOKEN_PROTOCOL) &&
+	    /*  - it is not an empty string */
+	    wsi->protocol->name &&
+	    wsi->protocol->name[0]) {
 		LWS_CPYAPP(p, "\x0d\x0aSec-WebSocket-Protocol: ");
 		p += lws_snprintf(p, 128, "%s", wsi->protocol->name);
 	}