[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] r36370 - in libmicrohttpd: . src/include src/microhttpd
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] r36370 - in libmicrohttpd: . src/include src/microhttpd |
|
Date: |
Fri, 25 Sep 2015 09:51:21 +0200 |
Author: grothoff
Date: 2015-09-25 09:51:21 +0200 (Fri, 25 Sep 2015)
New Revision: 36370
Modified:
libmicrohttpd/ChangeLog
libmicrohttpd/src/include/microhttpd.h
libmicrohttpd/src/microhttpd/connection.c
libmicrohttpd/src/microhttpd/digestauth.c
Log:
fix digest auth when used with more complex arguments being passed to GET, i.e.
keys without missing values at the beginning and certain other constellations
Modified: libmicrohttpd/ChangeLog
===================================================================
--- libmicrohttpd/ChangeLog 2015-09-22 17:21:33 UTC (rev 36369)
+++ libmicrohttpd/ChangeLog 2015-09-25 07:51:21 UTC (rev 36370)
@@ -1,3 +1,8 @@
+Fri Sep 25 09:49:10 CEST 2015
+ Fix digest authentication with URL arguments where
+ value-less keys are given before the last argument.
+ Thanks to MA for reporting. -CG
+
Tue Sep 22 19:17:54 CEST 2015
Do not use shutdown() on listen socket if MHD_USE_PIPE_FOR_SHUTDOWN
is set. -CG
Modified: libmicrohttpd/src/include/microhttpd.h
===================================================================
--- libmicrohttpd/src/include/microhttpd.h 2015-09-22 17:21:33 UTC (rev
36369)
+++ libmicrohttpd/src/include/microhttpd.h 2015-09-25 07:51:21 UTC (rev
36370)
@@ -130,7 +130,7 @@
* Current version of the library.
* 0x01093001 = 1.9.30-1.
*/
-#define MHD_VERSION 0x00094301
+#define MHD_VERSION 0x00094302
/**
* MHD-internal return code for "YES".
Modified: libmicrohttpd/src/microhttpd/connection.c
===================================================================
--- libmicrohttpd/src/microhttpd/connection.c 2015-09-22 17:21:33 UTC (rev
36369)
+++ libmicrohttpd/src/microhttpd/connection.c 2015-09-25 07:51:21 UTC (rev
36370)
@@ -1,5 +1,5 @@
/*
- This file is part of libmicrohttpd
+ This file is part of libmicrohttpd
Copyright (C) 2007-2015 Daniel Pittman and Christian Grothoff
This library is free software; you can redistribute it and/or
@@ -17,7 +17,6 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
USA
*/
-
/**
* @file connection.c
* @brief Methods for managing connections
@@ -301,7 +300,7 @@
if (NULL != emsg)
MHD_DLOG (connection->daemon, emsg);
#endif
- MHD_connection_close (connection,
+ MHD_connection_close (connection,
MHD_REQUEST_TERMINATED_WITH_ERROR);
}
@@ -369,7 +368,7 @@
if (NULL != response->crc)
(void) MHD_mutex_unlock_ (&response->mutex);
if ( ((ssize_t)MHD_CONTENT_READER_END_OF_STREAM) == ret)
- MHD_connection_close (connection,
+ MHD_connection_close (connection,
MHD_REQUEST_TERMINATED_COMPLETED_OK);
else
CONNECTION_CLOSE_ERROR (connection,
@@ -1264,7 +1263,6 @@
/* continue with 'bar' */
args = amper;
continue;
-
}
/* equals and amper are non-NULL here, and equals < amper,
so we got regular 'foo=value&bar...'-kind of argument */
@@ -2597,12 +2595,12 @@
connection->client_aware = MHD_NO;
}
end =
- MHD_lookup_connection_value (connection,
+ MHD_lookup_connection_value (connection,
MHD_HEADER_KIND,
MHD_HTTP_HEADER_CONNECTION);
if ( (MHD_YES == connection->read_closed) ||
(client_close) ||
- ( (NULL != end) &&
+ ( (NULL != end) &&
(MHD_str_equal_caseless_ (end, "close")) ) )
{
connection->read_closed = MHD_YES;
Modified: libmicrohttpd/src/microhttpd/digestauth.c
===================================================================
--- libmicrohttpd/src/microhttpd/digestauth.c 2015-09-22 17:21:33 UTC (rev
36369)
+++ libmicrohttpd/src/microhttpd/digestauth.c 2015-09-25 07:51:21 UTC (rev
36370)
@@ -493,12 +493,12 @@
char *amper;
unsigned int num_headers;
- argb = strdup(args);
+ argb = strdup (args);
if (NULL == argb)
{
#if HAVE_MESSAGES
- MHD_DLOG(connection->daemon,
- "Failed to allocate memory for copy of URI arguments\n");
+ MHD_DLOG (connection->daemon,
+ "Failed to allocate memory for copy of URI arguments\n");
#endif /* HAVE_MESSAGES */
return MHD_NO;
}
@@ -508,45 +508,93 @@
('\0' != argp[0]) )
{
equals = strchr (argp, '=');
- if (NULL == equals)
+ amper = strchr (argp, '&');
+ if (NULL == amper)
{
+ /* last argument */
+ if (NULL == equals)
+ {
+ /* last argument, without '=' */
+ MHD_unescape_plus (argp);
+ if (MHD_YES != test_header (connection,
+ argp,
+ NULL))
+ {
+ free (argb);
+ return MHD_NO;
+ }
+ num_headers++;
+ break;
+ }
+ /* got 'foo=bar' */
+ equals[0] = '\0';
+ equals++;
+ MHD_unescape_plus (argp);
/* add with 'value' NULL */
connection->daemon->unescape_callback
(connection->daemon->unescape_callback_cls,
connection,
argp);
- if (MHD_YES != test_header (connection, argp, NULL))
- {
- free(argb);
- return MHD_NO;
- }
+ MHD_unescape_plus (equals);
+ /* add with 'value' NULL */
+ connection->daemon->unescape_callback
(connection->daemon->unescape_callback_cls,
+ connection,
+ equals);
+ if (MHD_YES != test_header (connection,
+ argp,
+ equals))
+ {
+ free (argb);
+ return MHD_NO;
+ }
num_headers++;
break;
}
+ /* amper is non-NULL here */
+ amper[0] = '\0';
+ amper++;
+ if ( (NULL == equals) ||
+ (equals >= amper) )
+ {
+ /* got 'foo&bar' or 'foo&bar=val', add key 'foo' with NULL for value
*/
+ MHD_unescape_plus (argp);
+ connection->daemon->unescape_callback
(connection->daemon->unescape_callback_cls,
+ connection,
+ argp);
+ if (MHD_YES !=
+ test_header (connection,
+ argp,
+ NULL))
+ {
+ free (argb);
+ return MHD_NO;
+ }
+ /* continue with 'bar' */
+ num_headers++;
+ args = amper;
+ continue;
+ }
equals[0] = '\0';
equals++;
- amper = strchr (equals, '&');
- if (NULL != amper)
- {
- amper[0] = '\0';
- amper++;
- }
+ MHD_unescape_plus (argp);
connection->daemon->unescape_callback
(connection->daemon->unescape_callback_cls,
connection,
argp);
+ MHD_unescape_plus (equals);
connection->daemon->unescape_callback
(connection->daemon->unescape_callback_cls,
connection,
equals);
- if (! test_header (connection, argp, equals))
- {
- free(argb);
+ if (MHD_YES !=
+ test_header (connection,
+ argp,
+ equals))
+ {
+ free (argb);
return MHD_NO;
- }
-
+ }
num_headers++;
argp = amper;
}
-
- free(argb);
+ free (argb);
/* also check that the number of headers matches */
for (pos = connection->headers_received; NULL != pos; pos = pos->next)
@@ -556,7 +604,10 @@
num_headers--;
}
if (0 != num_headers)
- return MHD_NO;
+ {
+ /* argument count mismatch */
+ return MHD_NO;
+ }
return MHD_YES;
}
@@ -623,9 +674,9 @@
{
char r[MAX_REALM_LENGTH];
- len = lookup_sub_value(r,
- sizeof (r),
- header, "realm");
+ len = lookup_sub_value (r,
+ sizeof (r),
+ header, "realm");
if ( (0 == len) ||
(0 != strcmp(realm, r)) )
return MHD_NO;
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [GNUnet-SVN] r36370 - in libmicrohttpd: . src/include src/microhttpd,
gnunet <=