ExternalVendorCode/serval-dna
1
0
Fork 0
mirror of https://github.com/servalproject/serval-dna.git synced 2025-01-18 10:46:23 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix HTTP Authorization header parsing

Browse Source 
Was returning status 500 if Authorization: Basic token was long, because
_reserve() did not have enough free space at start of buffer.  The
solution was to _commit(r) before attempting the _reserve_str() calls
for the decoded username and password.

As a separate issue, the status 500 also triggered an assertion failure
because http_request_parse_header() was returning 400 but
response.result_code had already been set to 500.
This commit is contained in:
Andrew Bettison 2014-06-16 14:48:07 +09:30
parent f2772b0ce8
commit d879189299
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
http_server.c
View File

@ -667,6 +667,7 @@ static int _parse_authorization(struct http_request *r, struct http_client_autho
char buf[bufsz];
if (_parse_authorization_credentials_basic(r, &auth->credentials.basic, buf, bufsz)) {
auth->scheme = BASIC;
_commit(r); // make room for following reservations
if ( !_reserve_str(r, &auth->credentials.basic.user, auth->credentials.basic.user)
|| !_reserve_str(r, &auth->credentials.basic.password, auth->credentials.basic.password)
)
@ -974,6 +975,8 @@ static int http_request_parse_header(struct http_request *r)
_commit(r);
return 0;
}
if (r->response.result_code)
return r->response.result_code;
goto malformed;
}
_rewind(r);