summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStef Walter <stef@memberwebs.com>2009-07-07 20:05:32 +0000
committerStef Walter <stef@memberwebs.com>2009-07-07 20:05:32 +0000
commitcb6b40d3f4b09b48beeec979afe3d3270eb82755 (patch)
treeceaf34e8a8f85a1a764013d1cf27e1d83044a7c4
parent2989ee8b72ddb3995e5a4686c988385d05493365 (diff)
Use our own get_token() function for splitting stuff up.
-rw-r--r--module/mod_auth_singleid.c74
1 files changed, 48 insertions, 26 deletions
diff --git a/module/mod_auth_singleid.c b/module/mod_auth_singleid.c
index d2e53e8..e9d195a 100644
--- a/module/mod_auth_singleid.c
+++ b/module/mod_auth_singleid.c
@@ -110,14 +110,46 @@ strupcase(char *str)
}
static char*
-safe_get_token (apr_pool_t *pool, const char **line, int accept_white)
+get_token (apr_pool_t *pool, const char **line, const char *delims)
{
- /* HACK: ap_get_token() endless loop if string starts with delim */
- const char *orig = *line;
- char *result = ap_get_token (pool, line, accept_white);
- if (orig == *line && orig[0])
- (*line)++;
- return result;
+ const char *beg, *end;
+ const char *str = *line;
+
+ /* Find first non-white byte */
+ while (*str && apr_isspace(*str))
+ ++str;
+
+ if (*str == '\0')
+ return NULL;
+
+ beg = str;
+
+ while (*str && !strchr (delims, *str)) {
+ if (*str++ == '"') {
+ while (*str)
+ if (*str++ == '"')
+ break;
+ }
+ }
+
+ end = str;
+
+ /* Trim the quotes if present */
+ if (beg + 1 < end && *beg == '"' && *(end - 1) == '"') {
+ ++beg;
+ --end;
+ }
+
+ /* Trim any spaces on end if present */
+ while (beg != end && apr_isspace (*(end - 1)))
+ --end;
+
+ /* The next token */
+ while (*str && strchr (delims, *str))
+ ++str;
+
+ *line = str;
+ return apr_pstrndup (pool, beg, end - beg);
}
/* -------------------------------------------------------------------------------
@@ -488,11 +520,8 @@ session_cookie_value (request_rec *r, const char *name)
if (cookies == NULL)
return NULL;
- while (cookies[0] == ',' || cookies[0] == ';')
- ++cookies;
-
while (*cookies) {
- pair = safe_get_token (r->pool, &cookies, 1);
+ pair = get_token (r->pool, &cookies, ";");
if (!pair)
break;
if (pair[0] == '$')
@@ -549,23 +578,22 @@ session_load_info (sid_context_t *ctx, request_rec *r)
char *token, *sig, *end;
char *identifier;
long expiry;
- size_t len;
value = session_cookie_value (r, ctx->cookie_name);
if (!value)
return NULL;
- sig = safe_get_token (r->pool, &value, 0);
- if (!session_validate_sig (r->pool, sig, value))
+ sig = get_token (r->pool, &value, " ");
+ if (!sig || !session_validate_sig (r->pool, sig, value))
return NULL;
/* The version of the session info, only 1 supported for now */
- token = safe_get_token (r->pool, &value, 0);
- if (strcmp (token, "1") != 0)
+ token = get_token (r->pool, &value, " ");
+ if (!token || strcmp (token, "1") != 0)
return NULL;
- token = safe_get_token (r->pool, &value, 0);
- expiry = strtol (token, &end, 10);
+ token = get_token (r->pool, &value, " ");
+ expiry = strtol (token ? token : "x", &end, 10);
if (*end != '\0')
return NULL;
@@ -574,14 +602,8 @@ session_load_info (sid_context_t *ctx, request_rec *r)
return NULL;
/* The identifier */
- identifier = safe_get_token (r->pool, &value, 0);
- len = strlen (identifier);
- if (identifier[0] == '"' && identifier[len - 1] == '"') {
- identifier[len - 1] = 0;
- ++identifier;
- }
-
- if (!ap_is_url (identifier))
+ identifier = get_token (r->pool, &value, " ");
+ if (!identifier || !ap_is_url (identifier))
return NULL;
sess = apr_pcalloc (r->pool, sizeof (sid_session_t));