diff options
| author | Christian Grothoff <christian@grothoff.org> | 2011-06-11 11:15:53 +0000 |
|---|---|---|
| committer | Christian Grothoff <christian@grothoff.org> | 2011-06-11 11:15:53 +0000 |
| commit | 1975afb1ef83a826844554aa4cb59f3ddb905d7a (patch) | |
| tree | 7ed482f9b371fbfe2319b7b0fcf54ea659601290 | |
| parent | 2f9cdec6ae1cc3d716606c017d595b2dea90bc22 (diff) | |
| download | libmicrohttpd-1975afb1ef83a826844554aa4cb59f3ddb905d7a.tar.gz libmicrohttpd-1975afb1ef83a826844554aa4cb59f3ddb905d7a.zip | |
fixing 1688
| -rw-r--r-- | ChangeLog | 3 | ||||
| -rw-r--r-- | src/daemon/connection.c | 14 | ||||
| -rw-r--r-- | src/daemon/digestauth.c | 7 | ||||
| -rw-r--r-- | src/daemon/internal.c | 11 |
4 files changed, 24 insertions, 11 deletions
| @@ -1,3 +1,6 @@ | |||
| 1 | Sat Jun 11 13:05:12 CEST 2011 | ||
| 2 | Replacing use of sscanf by strtoul (#1688). -CG/bplant | ||
| 3 | |||
| 1 | Fri Jun 3 15:26:42 CEST 2011 | 4 | Fri Jun 3 15:26:42 CEST 2011 |
| 2 | Adding MHD_CONNECTION_INFO_DAEMON to obtain MHD_Daemon | 5 | Adding MHD_CONNECTION_INFO_DAEMON to obtain MHD_Daemon |
| 3 | responsible for a given connection. -CG | 6 | responsible for a given connection. -CG |
diff --git a/src/daemon/connection.c b/src/daemon/connection.c index 1bc8001c..33571ea9 100644 --- a/src/daemon/connection.c +++ b/src/daemon/connection.c | |||
| @@ -26,6 +26,7 @@ | |||
| 26 | */ | 26 | */ |
| 27 | 27 | ||
| 28 | #include "internal.h" | 28 | #include "internal.h" |
| 29 | #include <limits.h> | ||
| 29 | #include "connection.h" | 30 | #include "connection.h" |
| 30 | #include "memorypool.h" | 31 | #include "memorypool.h" |
| 31 | #include "response.h" | 32 | #include "response.h" |
| @@ -1252,6 +1253,7 @@ process_request_body (struct MHD_Connection *connection) | |||
| 1252 | int instant_retry; | 1253 | int instant_retry; |
| 1253 | int malformed; | 1254 | int malformed; |
| 1254 | char *buffer_head; | 1255 | char *buffer_head; |
| 1256 | char *end; | ||
| 1255 | 1257 | ||
| 1256 | if (connection->response != NULL) | 1258 | if (connection->response != NULL) |
| 1257 | return; /* already queued a response */ | 1259 | return; /* already queued a response */ |
| @@ -1326,11 +1328,8 @@ process_request_body (struct MHD_Connection *connection) | |||
| 1326 | if (!malformed) | 1328 | if (!malformed) |
| 1327 | { | 1329 | { |
| 1328 | buffer_head[i] = '\0'; | 1330 | buffer_head[i] = '\0'; |
| 1329 | malformed = | 1331 | connection->current_chunk_size = strtoul (buffer_head, &end, 16); |
| 1330 | (1 != SSCANF (buffer_head, "%X", | 1332 | malformed = ('\0' != *end); |
| 1331 | &connection->current_chunk_size)) && | ||
| 1332 | (1 != SSCANF (buffer_head, "%x", | ||
| 1333 | &connection->current_chunk_size)); | ||
| 1334 | } | 1333 | } |
| 1335 | if (malformed) | 1334 | if (malformed) |
| 1336 | { | 1335 | { |
| @@ -1655,6 +1654,7 @@ parse_connection_headers (struct MHD_Connection *connection) | |||
| 1655 | unsigned MHD_LONG_LONG cval; | 1654 | unsigned MHD_LONG_LONG cval; |
| 1656 | struct MHD_Response *response; | 1655 | struct MHD_Response *response; |
| 1657 | const char *enc; | 1656 | const char *enc; |
| 1657 | char *end; | ||
| 1658 | 1658 | ||
| 1659 | parse_cookie_header (connection); | 1659 | parse_cookie_header (connection); |
| 1660 | if ((0 != (MHD_USE_PEDANTIC_CHECKS & connection->daemon->options)) | 1660 | if ((0 != (MHD_USE_PEDANTIC_CHECKS & connection->daemon->options)) |
| @@ -1687,7 +1687,9 @@ parse_connection_headers (struct MHD_Connection *connection) | |||
| 1687 | MHD_HTTP_HEADER_CONTENT_LENGTH); | 1687 | MHD_HTTP_HEADER_CONTENT_LENGTH); |
| 1688 | if (clen != NULL) | 1688 | if (clen != NULL) |
| 1689 | { | 1689 | { |
| 1690 | if (1 != SSCANF (clen, "%" MHD_LONG_LONG_PRINTF "u", &cval)) | 1690 | cval = strtoul (clen, &end, 10); |
| 1691 | if ( ('\0' != *end) || | ||
| 1692 | ( (LONG_MAX == cval) && (errno == ERANGE) ) ) | ||
| 1691 | { | 1693 | { |
| 1692 | #if HAVE_MESSAGES | 1694 | #if HAVE_MESSAGES |
| 1693 | MHD_DLOG (connection->daemon, | 1695 | MHD_DLOG (connection->daemon, |
diff --git a/src/daemon/digestauth.c b/src/daemon/digestauth.c index 927974e0..00612e35 100644 --- a/src/daemon/digestauth.c +++ b/src/daemon/digestauth.c | |||
| @@ -25,6 +25,7 @@ | |||
| 25 | */ | 25 | */ |
| 26 | 26 | ||
| 27 | #include "platform.h" | 27 | #include "platform.h" |
| 28 | #include <limits.h> | ||
| 28 | #include "internal.h" | 29 | #include "internal.h" |
| 29 | #include "md5.h" | 30 | #include "md5.h" |
| 30 | #include "base64.h" | 31 | #include "base64.h" |
| @@ -447,6 +448,7 @@ MHD_digest_auth_check(struct MHD_Connection *connection, | |||
| 447 | { | 448 | { |
| 448 | size_t len; | 449 | size_t len; |
| 449 | const char *header; | 450 | const char *header; |
| 451 | char *end; | ||
| 450 | char nonce[MAX_NONCE_LENGTH]; | 452 | char nonce[MAX_NONCE_LENGTH]; |
| 451 | char cnonce[MAX_NONCE_LENGTH]; | 453 | char cnonce[MAX_NONCE_LENGTH]; |
| 452 | char qop[15]; /* auth,auth-int */ | 454 | char qop[15]; /* auth,auth-int */ |
| @@ -544,9 +546,12 @@ MHD_digest_auth_check(struct MHD_Connection *connection, | |||
| 544 | ( (0 != strcmp (qop, "auth")) && | 546 | ( (0 != strcmp (qop, "auth")) && |
| 545 | (0 != strcmp (qop, "")) ) || | 547 | (0 != strcmp (qop, "")) ) || |
| 546 | (0 == lookup_sub_value(nc, sizeof (nc), header, "nc")) || | 548 | (0 == lookup_sub_value(nc, sizeof (nc), header, "nc")) || |
| 547 | (1 != sscanf (nc, "%u", &nci)) || | ||
| 548 | (0 == lookup_sub_value(response, sizeof (response), header, "response")) ) | 549 | (0 == lookup_sub_value(response, sizeof (response), header, "response")) ) |
| 549 | return MHD_NO; | 550 | return MHD_NO; |
| 551 | nci = strtoul (nc, &end, 10); | ||
| 552 | if ( ('\0' != *end) || | ||
| 553 | ( (LONG_MAX == nci) && (errno == ERANGE) ) ) | ||
| 554 | return MHD_NO; /* invalid nonce */ | ||
| 550 | 555 | ||
| 551 | /* | 556 | /* |
| 552 | * Checking if that combination of nonce and nc is sound | 557 | * Checking if that combination of nonce and nc is sound |
diff --git a/src/daemon/internal.c b/src/daemon/internal.c index 16b39df0..3b0a5441 100644 --- a/src/daemon/internal.c +++ b/src/daemon/internal.c | |||
| @@ -121,7 +121,9 @@ MHD_http_unescape (void *cls, | |||
| 121 | { | 121 | { |
| 122 | char *rpos = val; | 122 | char *rpos = val; |
| 123 | char *wpos = val; | 123 | char *wpos = val; |
| 124 | char *end; | ||
| 124 | unsigned int num; | 125 | unsigned int num; |
| 126 | char buf3[3]; | ||
| 125 | 127 | ||
| 126 | while ('\0' != *rpos) | 128 | while ('\0' != *rpos) |
| 127 | { | 129 | { |
| @@ -133,10 +135,11 @@ MHD_http_unescape (void *cls, | |||
| 133 | rpos++; | 135 | rpos++; |
| 134 | break; | 136 | break; |
| 135 | case '%': | 137 | case '%': |
| 136 | if ( (1 == SSCANF (&rpos[1], | 138 | buf3[0] = rpos[1]; |
| 137 | "%2x", &num)) || | 139 | buf3[1] = rpos[2]; |
| 138 | (1 == SSCANF (&rpos[1], | 140 | buf3[2] = '\0'; |
| 139 | "%2X", &num)) ) | 141 | num = strtoul (buf3, &end, 16); |
| 142 | if ('\0' == *end) | ||
| 140 | { | 143 | { |
| 141 | *wpos = (unsigned char) num; | 144 | *wpos = (unsigned char) num; |
| 142 | wpos++; | 145 | wpos++; |