curl-users
RE: http digest input parse fix
Date: Mon, 2 Aug 2004 10:54:24 -0700
That's quite right. I've failed to consider such a case.
So there may be other cases. A surer method is to let
scanf tell us where the next value pair starts using %n.
diff against the 7.12 original before either of us changed anything:
--- http_digest.c 2004-08-02 10:57:03.082017400 -0700
+++ http_digest.new.c 2004-08-02 10:57:57.944677008 -0700
@@ -97,12 +97,12 @@
header++;
/* how big can these strings be? */
- if((2 == sscanf(header, "%31[^=]=\"%127[^\"]\"",
- value, content)) ||
+ if((2 == sscanf(header, "%31[^=]=\"%127[^\"]\"%n",
+ value, content, &totlen)) ||
/* try the same scan but without quotes around the content but
don't
include the possibly trailing comma */
- (2 == sscanf(header, "%31[^=]=%127[^,]",
- value, content)) ) {
+ (2 == sscanf(header, "%31[^=]=%127[^,]%n",
+ value, content, &totlen)) ) {
if(strequal(value, "nonce")) {
d->nonce = strdup(content);
if(!d->nonce)
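Review bot: `%n` only stores into `totlen` when the scan actually reaches it, but both new `sscanf()` calls are still judged solely on returning 2. A parameter such as `nonce="abc` with no closing quote makes the first format assign `value` and `content` and then fail on the literal `"`, so the condition is true while `totlen` keeps whatever it held before. Set `totlen = 0;` before the scans and treat `totlen == 0` as a failed parse (or add `&& totlen` to each branch of the condition) so a stale length can never be used to advance `header`.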
@@ -168,7 +168,6 @@
else {
/* unknown specifier, ignore it! */
}
- totlen = strlen(value)+strlen(content)+3;
}
else
break; /* we're done here */
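Review bot: with the `strlen()`-based assignment removed, nothing in this hunk or its context shows where `totlen` now comes from, so a short comment near the declaration or at the top of the loop saying it is filled in by the `%n` conversion in the `sscanf()` formats would spare the next reader a hunt for an uninitialised use. The dropped formula was also unconditionally adding 3, which was only right for quoted content; it is worth stating in the commit message that the `%n` change fixes that miscount for unquoted values as well.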
-----Original Message-----
From: curl-users-bounces_at_cool.haxx.se
[mailto:curl-users-bounces_at_cool.haxx.se] On Behalf Of Daniel Stenberg
Sent: Saturday, July 31, 2004 12:29 AM
To: curl tool talk
Subject: Re: http digest input parse fix
On Sat, 31 Jul 2004, Daniel Stenberg wrote:
> I think a better fix adds the proper length. 3 if the content is within
> quotes, and 1 if no quotes were used.
Like this:
--- lib/http_digest.c 24 Jun 2004 11:54:11 -0000 1.21
+++ lib/http_digest.c 31 Jul 2004 07:30:37 -0000
@@ -168,7 +168,12 @@
else {
/* unknown specifier, ignore it! */
}
- totlen = strlen(value)+strlen(content)+3;
+ totlen = strlen(value)+strlen(content)+1;
+
+ if(header[strlen(value)+1] == '\"')
+ /* the contents were within quotes, then add 2 for them to
the
+ length */
+ totlen += 2;
}
else
break; /* we're done here */
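Review bot: `strlen(content)` is the length of what the `%127[^\"]` conversion captured, not of the value in the header, so a quoted value longer than 127 characters still yields a return of 2 (the closing quote is simply left unmatched) and `totlen` comes out short, leaving `header` pointing into the middle of the value on the next iteration. Consider treating `strlen(content) == 127` as a parse failure here, or widening the field so the length arithmetic is trustworthy; the `+1`/`+2` split itself looks right.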
-- 
Daniel Stenberg -- http://curl.haxx.se -- http://daniel.haxx.se
Dedicated custom curl help for hire: http://haxx.se/curl.html
Received on 2004-08-02
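Added example, not code from the curl thread: a stand-alone C driver that walks a Digest challenge with the two sscanf() formats used in the patches and the %n approach from the reply, resetting totlen before each scan so an unterminated quote cannot leave a stale length behind. The `struct pair` type, `parse_digest_pairs()` and the sample challenge string are constructed for this demo.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical holder for one parsed pair; not a curl type. */
struct pair { char name[32]; char content[128]; };

/* Parse a Digest challenge like  nonce="abc", algorithm=MD5  with the
 * two sscanf() formats used in the thread.  %n stores how many bytes a
 * complete match consumed, so the caller can advance by exactly that.
 * Returns the number of pairs written to out (at most max). */
int parse_digest_pairs(const char *header, struct pair *out, int max)
{
    int n = 0;
    while(*header && n < max) {
        char value[32], content[128];
        int totlen = 0; /* reset: %n is only stored if the whole format matched */

        /* skip the separators left between pairs */
        while(*header == ' ' || *header == ',')
            header++;
        if(!*header)
            break;

        /* quoted content first (it may contain commas), then unquoted;
         * a return value of 2 alone is not proof that %n was reached */
        if(!(2 == sscanf(header, "%31[^=]=\"%127[^\"]\"%n",
                         value, content, &totlen) && totlen > 0) &&
           !(2 == sscanf(header, "%31[^=]=%127[^,]%n",
                         value, content, &totlen) && totlen > 0))
            break; /* nothing parsable here, e.g. a bare name without '=' */

        strcpy(out[n].name, value);
        strcpy(out[n].content, content);
        n++;
        header += totlen; /* lands on the separator or the terminating NUL */
    }
    return n;
}

int main(void)
{
    /* constructed sample challenge, not captured from a real server */
    const char *hdr = "nonce=\"abc123\", algorithm=MD5, qop=\"auth,auth-int\"";
    struct pair pairs[8];
    int i, n = parse_digest_pairs(hdr, pairs, 8);
    for(i = 0; i < n; i++)
        printf("%s -> [%s]\n", pairs[i].name, pairs[i].content);
    return 0;
}
```

Note how the quoted scan must run first: `qop="auth,auth-int"` contains a comma that the unquoted `%127[^,]` conversion would otherwise split on.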