commit 3fcec14c8d2a25db33b6f7e42cf7430f07250b10 parent 6dea1cf68e7b12d6348e37cbe27469c7f6b2ce8e Author: Evgeny Grin (Karlson2k) <k2k@narod.ru> Date: Sat, 4 Jun 2022 16:42:49 +0300 gen_auth: added detection of incorrect delimiters in token68 Diffstat:
| M | src/microhttpd/gen_auth.c | | | 6 | ++++-- |
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/microhttpd/gen_auth.c b/src/microhttpd/gen_auth.c @@ -73,8 +73,10 @@ parse_bauth_params (const char *str, /* Find end of the token. Token cannot contain whitespace. */ while (i < str_len && ' ' != str[i] && '\t' != str[i]) { - if (0 == str[0]) - return false; /* Binary zero is not allowed */ + if (0 == str[i]) + return false; /* Binary zero is not allowed */ + if ((',' == str[i]) || (';' == str[i])) + return false; /* Only single token68 is allowed */ i++; } token68_len = i - token68_start;