dovecot-2.2: lib-http auth: Fixed assertion on the validity of t...
dovecot at dovecot.org
dovecot at dovecot.org
Tue Aug 18 18:02:25 UTC 2015
details: http://hg.dovecot.org/dovecot-2.2/rev/cc09fc9194d1
changeset: 18955:cc09fc9194d1
user: Stephan Bosch <stephan at rename-it.nl>
date: Tue Aug 18 20:39:24 2015 +0300
description:
lib-http auth: Fixed assertion on the validity of the token68 encountered during conversion to string.
diffstat:
src/lib-http/http-auth.c | 24 ++++++++++++++----------
1 files changed, 14 insertions(+), 10 deletions(-)
diffs (50 lines):
diff -r 9d530e890669 -r cc09fc9194d1 src/lib-http/http-auth.c
--- a/src/lib-http/http-auth.c Tue Aug 18 20:39:24 2015 +0300
+++ b/src/lib-http/http-auth.c Tue Aug 18 20:39:24 2015 +0300
@@ -285,6 +285,18 @@
}
}
+static void http_auth_check_token68(const char *data)
+{
+ const char *p = data;
+
+ /* Make sure we're not working with nonsense. */
+ i_assert(http_char_is_token68(*p));
+ for (p++; *p != '\0' && *p != '='; p++)
+ i_assert(http_char_is_token68(*p));
+ for (; *p != '\0'; p++)
+ i_assert(*p == '=');
+}
+
void http_auth_create_challenge(string_t *out,
const struct http_auth_challenge *chlng)
{
@@ -296,12 +308,8 @@
str_append(out, chlng->scheme);
if (chlng->data != NULL) {
- const char *p;
-
/* SP token68 */
- for (p = chlng->data; *p != '\0'; p++)
- i_assert(http_char_is_token68(*p));
-
+ http_auth_check_token68(chlng->data);
str_append_c(out, ' ');
str_append(out, chlng->data);
@@ -343,12 +351,8 @@
str_append(out, crdts->scheme);
if (crdts->data != NULL) {
- const char *p;
-
/* SP token68 */
- for (p = crdts->data; *p != '\0'; p++)
- i_assert(http_char_is_token68(*p));
-
+ http_auth_check_token68(crdts->data);
str_append_c(out, ' ');
str_append(out, crdts->data);
More information about the dovecot-cvs
mailing list