mirror of
https://github.com/netsurf-browser/netsurf
synced 2024-12-23 12:36:51 +03:00
[project @ 2004-05-01 21:37:29 by joty]
fetch_curl_header() : better protection against malformed header lines; realm data line is now properly terminated with NUL character. svn path=/import/netsurf/; revision=810
This commit is contained in:
parent
dcfa1164d3
commit
49ac08e2e4
@ -609,33 +609,44 @@ size_t fetch_curl_header(char * data, size_t size, size_t nmemb, struct fetch *f
|
||||
LOG(("malloc failed"));
|
||||
return size;
|
||||
}
|
||||
for (i = 9; data[i] == ' ' || data[i] == '\t'; i++)
|
||||
;
|
||||
for (i = 9; i < size && (data[i] == ' ' || data[i] == '\t'); i++)
|
||||
/* */;
|
||||
strncpy(f->location, data + i, size - i);
|
||||
for (i = size - i - 1; f->location[i] == ' ' ||
|
||||
f->location[size - i] = '\0';
|
||||
for (i = size - i - 1; i >= 0 &&
|
||||
(f->location[i] == ' ' ||
|
||||
f->location[i] == '\t' ||
|
||||
f->location[i] == '\r' ||
|
||||
f->location[i] == '\n'; i--)
|
||||
f->location[i] == '\n'); i--)
|
||||
f->location[i] = '\0';
|
||||
} else if (15 < size && strncasecmp(data, "Content-Length:", 15) == 0) {
|
||||
/* extract Content-Length header */
|
||||
for (i = 15; data[i] == ' ' || data[i] == '\t'; i++)
|
||||
;
|
||||
for (i = 15; i < size && (data[i] == ' ' || data[i] == '\t'); i++)
|
||||
/* */;
|
||||
if ('0' <= data[i] && data[i] <= '9')
|
||||
f->content_length = atol(data + i);
|
||||
#ifdef WITH_AUTH
|
||||
} else if (16 < size && strncasecmp(data, "WWW-Authenticate",16) == 0) {
|
||||
/* extract Realm from WWW-Authenticate header */
|
||||
} else if (16 < size && strncasecmp(data, "WWW-Authenticate", 16) == 0) {
|
||||
/* extract the first Realm from WWW-Authenticate header */
|
||||
free(f->realm);
|
||||
f->realm = malloc(size);
|
||||
if (!f->realm) {
|
||||
LOG(("malloc failed"));
|
||||
return size;
|
||||
}
|
||||
/** \todo this code looks dangerous */
|
||||
for (i=16;(unsigned int)i!=strlen(data);i++)
|
||||
if(data[i]=='=')break;
|
||||
strncpy(f->realm, data+i+2, size-i-5);
|
||||
for (i = 16; i < size && data[i] != '='; i++)
|
||||
/* */;
|
||||
while (i < size && data[++i] == '"')
|
||||
/* */;
|
||||
strncpy(f->realm, data + i, size - i);
|
||||
f->realm[size - i] = '\0';
|
||||
for (i = size - i - 1; i >= 0 &&
|
||||
(f->realm[i] == ' ' ||
|
||||
f->realm[i] == '"' ||
|
||||
f->realm[i] == '\t' ||
|
||||
f->realm[i] == '\r' ||
|
||||
f->realm[i] == '\n'); --i)
|
||||
f->realm[i] = '\0';
|
||||
#endif
|
||||
}
|
||||
return size;
|
||||
|
Loading…
Reference in New Issue
Block a user