Author: brane
Date: Sun Jun 29 08:52:35 2025
New Revision: 1926854
URL: http://svn.apache.org/viewvc?rev=1926854&view=rev
Log:
On the user-defined-authn branch: Fix edge cases in the authn parameter
parser: allow empty quoted strings and do not allow empty unquoted values.
* src/syntax.c
(serf__parse_authn_parameters): Use different criteria to validate
quoted-string values than for token values, and require that the
value is a token.
* test/test_internal.c
(test_parse_parameters,
test_parse_bad_parameters): Add two more test cases.
Modified:
serf/branches/user-defined-authn/src/syntax.c
serf/branches/user-defined-authn/test/test_internal.c
Modified: serf/branches/user-defined-authn/src/syntax.c
URL:
http://svn.apache.org/viewvc/serf/branches/user-defined-authn/src/syntax.c?rev=1926854&r1=1926853&r2=1926854&view=diff
==============================================================================
--- serf/branches/user-defined-authn/src/syntax.c (original)
+++ serf/branches/user-defined-authn/src/syntax.c Sun Jun 29 08:52:35 2025
@@ -481,12 +481,15 @@ apr_hash_t *serf__parse_authn_parameters
/* Parse the value, either a token or a quoted string. */
++src;
value = dst;
- if (*src == '"')
+ if (*src == '"') {
src = copy_quoted_string(&dst, src);
- else if (ct_istoken(*src))
+ if (!src)
+ break;
+ } else {
src = copy_token(&dst, src);
- if (!src || value == dst)
- break;
+ if (!src || value == dst)
+ break;
+ }
*dst++ = '\0';
/* Must be at the end of the string or at a valid separator. */
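Review bot: In the new `else` branch, `copy_token` is called for every character that is not `"`, so rejecting an empty or invalid unquoted value now depends entirely on `copy_token` leaving `dst` unadvanced when `*src` is not a token character, including the terminating NUL in `key=`. `copy_token` is not visible in this hunk, so that contract should be confirmed and stated next to the `value == dst` check, since this code parses authentication parameters that presumably come from the peer. A comment such as `/* An empty quoted-string is valid; an empty token is not. copy_token() must not advance dst when *src is not a token character. */` above the `if` would make the asymmetry between the two branches explicit. The body of serf__parse_authn_parameters starts and ends outside the hunk.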
Modified: serf/branches/user-defined-authn/test/test_internal.c
URL:
http://svn.apache.org/viewvc/serf/branches/user-defined-authn/test/test_internal.c?rev=1926854&r1=1926853&r2=1926854&view=diff
==============================================================================
--- serf/branches/user-defined-authn/test/test_internal.c (original)
+++ serf/branches/user-defined-authn/test/test_internal.c Sun Jun 29 08:52:35
2025
@@ -495,25 +495,30 @@ static void test_parse_parameters(CuTest
{ "realm", "Wonderland" },
{ "scope", "Alice" },
{ "!#$%&'*+-.^_`|~", "(\"\\)"},
+ { "empty", "" },
{ NULL, NULL }
};
parse_parameters(tc,
"Realm=\"Wonderland\","
"ScOpE=Alice , "
- "!#$%&'*+-.^_`|~=\"(\\\"\\\\)\"",
+ "!#$%&'*+-.^_`|~=\"(\\\"\\\\)\","
+ "empty=\"\"",
expected);
}
static void test_parse_bad_parameters(CuTest *tc)
{
- static const struct expected_attrs expected[] = {
+ static const struct expected_attrs unexpected[] = {
+ { "first", "value" },
{ NULL, NULL }
};
+ static const struct expected_attrs *expected = &unexpected[1];
parse_parameters(tc, "", expected);
parse_parameters(tc, "\t", expected);
parse_parameters(tc, "(comm", expected);
+ parse_parameters(tc, "first=value, key=", unexpected);
parse_parameters(tc, "key=\"value", expected);
parse_parameters(tc, "key = value", expected);
parse_parameters(tc, "key=\"value1\"key=value2", expected);
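Review bot: The array named `unexpected` in test_parse_bad_parameters is passed as the expected result of the new `"first=value, key="` case, while `expected` now aliases its terminator through `&unexpected[1]`, which is hard to read. A name like `partial[]` with a comment `/* Parsing stops at the first malformed parameter; parameters accepted before it are kept. */` would document that returning a partial result from a malformed header is intended, assuming the third argument of parse_parameters is the expected set. Callers then cannot tell a truncated parameter list from a complete one, so that choice deserves to be written down. It would also help to add `parse_parameters(tc, "key=, other=value", expected);`, which presumably should yield no parameters, so that an empty unquoted value followed by a separator is covered as well as one at the end of the input. The function body continues past the end of the hunk.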