diff options
Diffstat (limited to 'libs/libcurl/src/vauth/digest.c')
| -rw-r--r-- | libs/libcurl/src/vauth/digest.c | 72 |
1 files changed, 26 insertions, 46 deletions
diff --git a/libs/libcurl/src/vauth/digest.c b/libs/libcurl/src/vauth/digest.c index 98e32900db..98d0c04dca 100644 --- a/libs/libcurl/src/vauth/digest.c +++ b/libs/libcurl/src/vauth/digest.c @@ -41,7 +41,7 @@ #include "curl_sha512_256.h"
#include "vtls/vtls.h"
#include "warnless.h"
-#include "strtok.h"
+#include "strparse.h"
#include "strcase.h"
#include "curl_printf.h"
#include "rand.h"
@@ -50,6 +50,7 @@ #include "curl_memory.h"
#include "memdebug.h"
+#ifndef USE_WINDOWS_SSPI
#define SESSION_ALGO 1 /* for algos with this bit set */
#define ALGO_MD5 0
@@ -59,7 +60,6 @@ #define ALGO_SHA512_256 4
#define ALGO_SHA512_256SESS (ALGO_SHA512_256 | SESSION_ALGO)
-#if !defined(USE_WINDOWS_SSPI)
#define DIGEST_QOP_VALUE_AUTH (1 << 0)
#define DIGEST_QOP_VALUE_AUTH_INT (1 << 1)
#define DIGEST_QOP_VALUE_AUTH_CONF (1 << 2)
@@ -141,8 +141,8 @@ bool Curl_auth_digest_get_pair(const char *str, char *value, char *content, return TRUE;
}
-#if !defined(USE_WINDOWS_SSPI)
-/* Convert md5 chunk to RFC2617 (section 3.1.3) -suitable ASCII string */
+#ifndef USE_WINDOWS_SSPI
+/* Convert MD5 chunk to RFC2617 (section 3.1.3) -suitable ASCII string */
static void auth_digest_md5_to_ascii(unsigned char *source, /* 16 bytes */
unsigned char *dest) /* 33 bytes */
{
@@ -219,33 +219,21 @@ static bool auth_digest_get_key_value(const char *chlg, static CURLcode auth_digest_get_qop_values(const char *options, int *value)
{
- char *tmp;
- char *token;
- char *tok_buf = NULL;
-
+ struct Curl_str out;
/* Initialise the output */
*value = 0;
- /* Tokenise the list of qop values. Use a temporary clone of the buffer since
- Curl_strtok_r() ruins it. */
- tmp = strdup(options);
- if(!tmp)
- return CURLE_OUT_OF_MEMORY;
-
- token = Curl_strtok_r(tmp, ",", &tok_buf);
- while(token) {
- if(strcasecompare(token, DIGEST_QOP_VALUE_STRING_AUTH))
+ while(!Curl_str_until(&options, &out, 32, ',')) {
+ if(Curl_str_casecompare(&out, DIGEST_QOP_VALUE_STRING_AUTH))
*value |= DIGEST_QOP_VALUE_AUTH;
- else if(strcasecompare(token, DIGEST_QOP_VALUE_STRING_AUTH_INT))
+ else if(Curl_str_casecompare(&out, DIGEST_QOP_VALUE_STRING_AUTH_INT))
*value |= DIGEST_QOP_VALUE_AUTH_INT;
- else if(strcasecompare(token, DIGEST_QOP_VALUE_STRING_AUTH_CONF))
+ else if(Curl_str_casecompare(&out, DIGEST_QOP_VALUE_STRING_AUTH_CONF))
*value |= DIGEST_QOP_VALUE_AUTH_CONF;
-
- token = Curl_strtok_r(NULL, ",", &tok_buf);
+ if(Curl_str_single(&options, ','))
+ break;
}
- free(tmp);
-
return CURLE_OK;
}
@@ -504,10 +492,6 @@ CURLcode Curl_auth_decode_digest_http_message(const char *chlg, struct digestdata *digest)
{
bool before = FALSE; /* got a nonce before */
- bool foundAuth = FALSE;
- bool foundAuthInt = FALSE;
- char *token = NULL;
- char *tmp = NULL;
/* If we already have received a nonce, keep that in mind */
if(digest->nonce)
@@ -551,29 +535,25 @@ CURLcode Curl_auth_decode_digest_http_message(const char *chlg, return CURLE_OUT_OF_MEMORY;
}
else if(strcasecompare(value, "qop")) {
- char *tok_buf = NULL;
- /* Tokenize the list and choose auth if possible, use a temporary
- clone of the buffer since Curl_strtok_r() ruins it */
- tmp = strdup(content);
- if(!tmp)
- return CURLE_OUT_OF_MEMORY;
-
- token = Curl_strtok_r(tmp, ",", &tok_buf);
- while(token) {
- /* Pass additional spaces here */
- while(*token && ISBLANK(*token))
- token++;
- if(strcasecompare(token, DIGEST_QOP_VALUE_STRING_AUTH)) {
+ const char *token = content;
+ struct Curl_str out;
+ bool foundAuth = FALSE;
+ bool foundAuthInt = FALSE;
+ /* Pass leading spaces */
+ while(*token && ISBLANK(*token))
+ token++;
+ while(!Curl_str_until(&token, &out, 32, ',')) {
+ if(Curl_str_casecompare(&out, DIGEST_QOP_VALUE_STRING_AUTH))
foundAuth = TRUE;
- }
- else if(strcasecompare(token, DIGEST_QOP_VALUE_STRING_AUTH_INT)) {
+ else if(Curl_str_casecompare(&out,
+ DIGEST_QOP_VALUE_STRING_AUTH_INT))
foundAuthInt = TRUE;
- }
- token = Curl_strtok_r(NULL, ",", &tok_buf);
+ if(Curl_str_single(&token, ','))
+ break;
+ while(*token && ISBLANK(*token))
+ token++;
}
- free(tmp);
-
/* Select only auth or auth-int. Otherwise, ignore */
if(foundAuth) {
free(digest->qop);
|