Mercurial > dovecot > core-2.2
changeset 18955:cc09fc9194d1
lib-http auth: Fixed assertion on the validity of the token68 encountered during conversion to string.
author | Stephan Bosch <stephan@rename-it.nl> |
---|---|
date | Tue, 18 Aug 2015 20:39:24 +0300 |
parents | 9d530e890669 |
children | 3e1ab97a392c |
files | src/lib-http/http-auth.c |
diffstat | 1 files changed, 14 insertions(+), 10 deletions(-) [+] |
line wrap: on
line diff
--- a/src/lib-http/http-auth.c Tue Aug 18 20:39:24 2015 +0300 +++ b/src/lib-http/http-auth.c Tue Aug 18 20:39:24 2015 +0300 @@ -285,6 +285,18 @@ } } +static void http_auth_check_token68(const char *data) +{ + const char *p = data; + + /* Make sure we're not working with nonsense. */ + i_assert(http_char_is_token68(*p)); + for (p++; *p != '\0' && *p != '='; p++) + i_assert(http_char_is_token68(*p)); + for (; *p != '\0'; p++) + i_assert(*p == '='); +} + void http_auth_create_challenge(string_t *out, const struct http_auth_challenge *chlng) { @@ -296,12 +308,8 @@ str_append(out, chlng->scheme); if (chlng->data != NULL) { - const char *p; - /* SP token68 */ - for (p = chlng->data; *p != '\0'; p++) - i_assert(http_char_is_token68(*p)); - + http_auth_check_token68(chlng->data); str_append_c(out, ' '); str_append(out, chlng->data); @@ -343,12 +351,8 @@ str_append(out, crdts->scheme); if (crdts->data != NULL) { - const char *p; - /* SP token68 */ - for (p = crdts->data; *p != '\0'; p++) - i_assert(http_char_is_token68(*p)); - + http_auth_check_token68(crdts->data); str_append_c(out, ' '); str_append(out, crdts->data);