From 348ec0844fbe1471c918d788df6aa0c1db82ba13 Mon Sep 17 00:00:00 2001
From: Andy Green
Date: Sat, 10 Dec 2016 09:14:37 +0800
Subject: [PATCH] ws-server: restrict returned Sec-Websocket-Protocol to the chosen name only

https://libwebsockets.org/pipermail/libwebsockets/2016-November/002948.html
Updated to fix a problem with no protocol
https://github.com/warmcat/libwebsockets/issues/705
Change-Id: I06e9f9d5849e66291b246316008c6e2c5981a372
---
 lib/server-handshake.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/lib/server-handshake.c b/lib/server-handshake.c
index 7328e5e..ed257de 100644
--- a/lib/server-handshake.c
+++ b/lib/server-handshake.c
@@ -214,7 +214,12 @@ handshake_0405(struct lws_context *context, struct lws *wsi)
 strcpy(p, (char *)pt->serv_buf);
 p += accept_len;

- if (wsi->protocol->name && wsi->protocol->name[0]) {
+ /* we can only return the protocol header if:
+ * - one came in, and ... */
+ if (lws_hdr_total_length(wsi, WSI_TOKEN_PROTOCOL) &&
+ /* - it is not an empty string */
+ wsi->protocol->name &&
+ wsi->protocol->name[0]) {
 LWS_CPYAPP(p, "\x0d\x0aSec-WebSocket-Protocol: ");
 p += lws_snprintf(p, 128, "%s", wsi->protocol->name);
 }
-- 
2.7.4
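Review bot: The new guard in handshake_0405 tests only that the client sent a non-empty Sec-WebSocket-Protocol header; nothing in the hunk shows that `wsi->protocol->name` is one of the names the client actually offered. If protocol selection (outside this hunk) can fall back to a default protocol when no offered name matches, the response would still name a subprotocol the client never requested, which RFC 6455 requires clients to treat as a failed handshake. I would either state the invariant next to the condition, e.g. `/* wsi->protocol was matched against the client's offered list earlier; a default fallback must not reach here */`, or check the match explicitly before emitting the header. Separately, the unchanged `lws_snprintf(p, 128, ...)` uses a literal bound, not the space remaining in the response buffer, and whether 128 always fits cannot be confirmed from this hunk. The function body starts and ends outside the hunk.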