diff options
Diffstat (limited to 'src/microhttpd/digestauth.c')
-rw-r--r-- | src/microhttpd/digestauth.c | 44 |
1 files changed, 26 insertions, 18 deletions
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c index f4bf76c7..fe80bf0d 100644 --- a/src/microhttpd/digestauth.c +++ b/src/microhttpd/digestauth.c | |||
@@ -1200,35 +1200,43 @@ MHD_digest_auth_get_username (struct MHD_Connection *connection) | |||
1200 | { | 1200 | { |
1201 | const struct MHD_RqDAuth *params; | 1201 | const struct MHD_RqDAuth *params; |
1202 | char *username; | 1202 | char *username; |
1203 | size_t username_len; | 1203 | size_t buf_size; |
1204 | enum MHD_DigestAuthUsernameType uname_type; | ||
1204 | 1205 | ||
1205 | params = get_rq_dauth_params (connection); | 1206 | params = get_rq_dauth_params (connection); |
1206 | if (NULL == params) | 1207 | if (NULL == params) |
1207 | return NULL; | 1208 | return NULL; |
1208 | 1209 | ||
1209 | if (NULL == params->username.value.str) | 1210 | uname_type = get_rq_uname_type (params); |
1211 | |||
1212 | if ( (MHD_DIGEST_AUTH_UNAME_TYPE_STANDARD != uname_type) && | ||
1213 | (MHD_DIGEST_AUTH_UNAME_TYPE_EXTENDED != uname_type) ) | ||
1210 | return NULL; | 1214 | return NULL; |
1211 | 1215 | ||
1212 | username_len = params->username.value.len; | 1216 | buf_size = get_rq_unames_size (params, uname_type); |
1213 | username = malloc (username_len + 1); | 1217 | |
1218 | mhd_assert (0 != buf_size); | ||
1219 | |||
1220 | username = (char *) MHD_calloc_ (1, buf_size); | ||
1214 | if (NULL == username) | 1221 | if (NULL == username) |
1215 | return NULL; | 1222 | return NULL; |
1216 | 1223 | ||
1217 | if (! params->username.quoted) | 1224 | if (1) |
1218 | { | ||
1219 | /* The username is not quoted, no need to unquote */ | ||
1220 | if (0 != username_len) | ||
1221 | memcpy (username, params->username.value.str, username_len); | ||
1222 | username[username_len] = 0; /* Zero-terminate */ | ||
1223 | } | ||
1224 | else | ||
1225 | { | 1225 | { |
1226 | /* Need to properly unquote the username */ | 1226 | struct MHD_DigestAuthUsernameInfo uname_strct; |
1227 | mhd_assert (0 != username_len); /* Quoted string may not be zero-legth */ | 1227 | size_t used; |
1228 | username_len = MHD_str_unquote (params->username.value.str, username_len, | 1228 | |
1229 | username); | 1229 | memset (&uname_strct, 0, sizeof(uname_strct)); |
1230 | mhd_assert (0 != username_len); /* The unquoted string cannot be empty */ | 1230 | |
1231 | username[username_len] = 0; /* Zero-terminate */ | 1231 | used = get_rq_uname (params, uname_type, &uname_strct, |
1232 | (uint8_t *) username, buf_size); | ||
1233 | if (uname_type != uname_strct.uname_type) | ||
1234 | { /* Broken encoding for extended notation */ | ||
1235 | free (username); | ||
1236 | return NULL; | ||
1237 | } | ||
1238 | (void) used; /* Mute compiler warning for non-debug builds */ | ||
1239 | mhd_assert (buf_size >= used); | ||
1232 | } | 1240 | } |
1233 | 1241 | ||
1234 | return username; | 1242 | return username; |