commit 1975afb1ef83a826844554aa4cb59f3ddb905d7a
parent 2f9cdec6ae1cc3d716606c017d595b2dea90bc22
Author: Christian Grothoff <christian@grothoff.org>
Date: Sat, 11 Jun 2011 11:15:53 +0000
fixing 1688
Diffstat:
4 files changed, 24 insertions(+), 11 deletions(-)
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,6 @@
+Sat Jun 11 13:05:12 CEST 2011
+ Replacing use of sscanf by strtoul (#1688). -CG/bplant
+
Fri Jun 3 15:26:42 CEST 2011
Adding MHD_CONNECTION_INFO_DAEMON to obtain MHD_Daemon
responsible for a given connection. -CG
diff --git a/src/daemon/connection.c b/src/daemon/connection.c
@@ -26,6 +26,7 @@
*/
#include "internal.h"
+#include <limits.h>
#include "connection.h"
#include "memorypool.h"
#include "response.h"
@@ -1252,6 +1253,7 @@ process_request_body (struct MHD_Connection *connection)
int instant_retry;
int malformed;
char *buffer_head;
+ char *end;
if (connection->response != NULL)
return; /* already queued a response */
@@ -1326,11 +1328,8 @@ process_request_body (struct MHD_Connection *connection)
if (!malformed)
{
buffer_head[i] = '\0';
- malformed =
- (1 != SSCANF (buffer_head, "%X",
- &connection->current_chunk_size)) &&
- (1 != SSCANF (buffer_head, "%x",
- &connection->current_chunk_size));
+ connection->current_chunk_size = strtoul (buffer_head, &end, 16);
+ malformed = ('\0' != *end);
}
if (malformed)
{
@@ -1655,6 +1654,7 @@ parse_connection_headers (struct MHD_Connection *connection)
unsigned MHD_LONG_LONG cval;
struct MHD_Response *response;
const char *enc;
+ char *end;
parse_cookie_header (connection);
if ((0 != (MHD_USE_PEDANTIC_CHECKS & connection->daemon->options))
@@ -1687,7 +1687,9 @@ parse_connection_headers (struct MHD_Connection *connection)
MHD_HTTP_HEADER_CONTENT_LENGTH);
if (clen != NULL)
{
- if (1 != SSCANF (clen, "%" MHD_LONG_LONG_PRINTF "u", &cval))
+ cval = strtoul (clen, &end, 10);
+ if ( ('\0' != *end) ||
+ ( (LONG_MAX == cval) && (errno == ERANGE) ) )
{
#if HAVE_MESSAGES
MHD_DLOG (connection->daemon,
diff --git a/src/daemon/digestauth.c b/src/daemon/digestauth.c
@@ -25,6 +25,7 @@
*/
#include "platform.h"
+#include <limits.h>
#include "internal.h"
#include "md5.h"
#include "base64.h"
@@ -447,6 +448,7 @@ MHD_digest_auth_check(struct MHD_Connection *connection,
{
size_t len;
const char *header;
+ char *end;
char nonce[MAX_NONCE_LENGTH];
char cnonce[MAX_NONCE_LENGTH];
char qop[15]; /* auth,auth-int */
@@ -544,9 +546,12 @@ MHD_digest_auth_check(struct MHD_Connection *connection,
( (0 != strcmp (qop, "auth")) &&
(0 != strcmp (qop, "")) ) ||
(0 == lookup_sub_value(nc, sizeof (nc), header, "nc")) ||
- (1 != sscanf (nc, "%u", &nci)) ||
(0 == lookup_sub_value(response, sizeof (response), header, "response")) )
return MHD_NO;
+ nci = strtoul (nc, &end, 10);
+ if ( ('\0' != *end) ||
+ ( (LONG_MAX == nci) && (errno == ERANGE) ) )
+ return MHD_NO; /* invalid nonce */
/*
* Checking if that combination of nonce and nc is sound
diff --git a/src/daemon/internal.c b/src/daemon/internal.c
@@ -121,7 +121,9 @@ MHD_http_unescape (void *cls,
{
char *rpos = val;
char *wpos = val;
+ char *end;
unsigned int num;
+ char buf3[3];
while ('\0' != *rpos)
{
@@ -133,10 +135,11 @@ MHD_http_unescape (void *cls,
rpos++;
break;
case '%':
- if ( (1 == SSCANF (&rpos[1],
- "%2x", &num)) ||
- (1 == SSCANF (&rpos[1],
- "%2X", &num)) )
+ buf3[0] = rpos[1];
+ buf3[1] = rpos[2];
+ buf3[2] = '\0';
+ num = strtoul (buf3, &end, 16);
+ if ('\0' == *end)
{
*wpos = (unsigned char) num;
wpos++;
