author | Wolfgang Draxinger <Wolfgang.Draxinger@physik.uni-muenchen.de> | 2013-09-16 23:51:59 +0200 |
---|---|---|
committer | Wolfgang Draxinger <Wolfgang.Draxinger@physik.uni-muenchen.de> | 2013-09-16 23:51:59 +0200 |
commit | 4744fdf082ad71334cd075d1fce49dcf7556df3e (patch) | |
tree | 27df063dc32057c4fef5b809711bcd9e9e858c1d /picohttp.c | |
parent | 764e9f839f2b93a7f95b156a09c2c5f2067b95d3 (diff) | |
...
Diffstat (limited to 'picohttp.c')
-rw-r--r-- | picohttp.c | 13 |
1 files changed, 11 insertions, 2 deletions
@@ -49,6 +49,9 @@ static char const PICOHTTP_STR_AUTHORIZATION[] = "Authorization";
 static char const PICOHTTP_STR_BASIC_[] = "Basic ";
 static char const PICOHTTP_STR_DIGEST_[] = "Digest ";
 static char const PICOHTTP_STR_REALM__[] = "realm=\"";
+static char const PICOHTTP_STR_USERNAME__[] = "username=\"";
+static char const PICOHTTP_STR_QOP_[] = "qop=";
+static char const PICOHTTP_STR_NC_[] = "nc=";
 /* compilation unit local function forward declarations */
 static int picohttpProcessHeaders (
@@ -819,6 +822,10 @@ static void picohttpProcessHeaderAuthorization(
 }
 phb64raw_t r;
 size_t l = phb64decode(e, r);
+ if( !l ) {
+ /* invalid chunk => abort the whole header */
+ return;
+ }
 for(size_t j=0; j < l && i < user_password_max_len; j++, i++) {
 user_password[i] = r[j];
 }
@@ -857,11 +864,13 @@ static void picohttpProcessHeaderAuthorization(
 "[picohttp] Basic Auth: username='%s', password='%s'\r\n",
 req->query.auth->username,
 req->query.auth->pwresponse);
+ return;
 }
 if(!strncmp(authorization,
- PICOHTTP_STR_BASIC_,
- sizeof(PICOHTTP_STR_BASIC_)-1)) {
+ PICOHTTP_STR_DIGEST_,
+ sizeof(PICOHTTP_STR_DIGEST_)-1)) {
+ return;
 }
 }
|
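Review bot: The new `if( !l )` abort in the second hunk returns with whatever earlier chunks decoded still sitting in `user_password`, and nothing visible marks the request as having carried a malformed Authorization header. If `user_password` is a local buffer, clear the `i` bytes written so far before the `return`, and confirm that `req->query.auth` stays unset on this path so a handler cannot mistake a half-parsed header for credentials. The copy loop right after it also stops silently at `user_password_max_len`, so an over-long credential is truncated rather than rejected; treating a full buffer with input remaining as the same abort case would be more predictable. The function starts and ends outside the hunk, so the buffer's declaration and its later use are not visible here.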
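Review bot: The debug output at the top of the third hunk prints the decoded Basic password in clear text (`password='%s'` fed from `req->query.auth->pwresponse`), and the commit leaves that in place, so credentials end up in whatever sink this stream reaches. Log only the username, e.g. `"[picohttp] Basic Auth: username='%s'\r\n"`, or compile the line out of non-debug builds; how the line is emitted is outside the hunk, so it may already be debug-only. The new Digest branch matches the scheme prefix and returns without parsing anything, so it deserves a comment such as `/* TODO: Digest parameters not parsed yet; request stays unauthenticated */`, which would also explain why the newly added `username=`, `qop=` and `nc=` constants are not used yet.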