Quoting Stipe Tolj <[EMAIL PROTECTED]>:

> Hi Bruno,
> 
> I see from
> http://www.kannel.org/cgi-bin/viewcvs.cgi/gateway/gwlib/http.c?annotate=1.184
> that you added the following block to gwlib/http.c:
> 
> ...
> 1158 davi    1.154    for(i = at2 + 1; i < at ; i++)
> 1159                      octstr_set_char(url, i, '*');
> ...
> 
> which does clear the HTTP basic auth password with stars ('*'). This
> breaks the HTTP basic auth function, see smsbox.log:


Oh no, no way. It was working perfectly back then.

At that time, you'd call parse_url() to "parse" url variable and fill "host",
"port", "path", "ssl", AND "username" and "password".

Then, url was not used because you won't need it anymore, except for logging,
and that's why I've hidden the password.


Is the code now trying to reuse url variable? I guess that's where the bug is.

I see a:

diff -r 1.154 gwlib/http.c
........
-static Connection *send_request(HTTPServer *trans, char *method_name)
+static Connection *get_connection(HTTPServer *trans) 
...
     if (parse_url(trans->url, &trans->host, &trans->port, &path, &trans->ssl,
...
+
+static int send_request(HTTPServer *trans)
+{
...
+  if (parse_url(trans->url, &trans->host, &trans->port, &path, &trans->ssl,
+               &trans->username, &trans->password) == -1)
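
Review bot: the new send_request() calls parse_url(trans->url, ...) again on the same trans->url that get_connection() has already parsed, and writes into the same trans->host, trans->port and trans->ssl fields. Any change made to trans->url between the two calls, such as the password masking quoted earlier in this message, is picked up by the second parse, and if parse_url() allocates the values it stores, the first set is overwritten without being freed. Parse once in get_connection() and have send_request() reuse the fields already stored in trans, or release them before parsing again.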


So, assuming that in 1.177 you've split the request into "first connect" then
"send request", you've just copy/pasted lines of code and are now using
(wrongly) parse_url twice.

That way, second parse will read password from a bunch of '*' and is duplicating
effort and leaking memory from first parse_url.

As you've committed your fix to cvs before sending me this email, I'll leave
to you the job of fixing both of your bugs ;)



-- 
Davi / Bruno.Rodrigues<at>Litux.Org
Litux.org: 10:04:51 up 104 days, 11:20,  1 user,  load average: 0.01, 0.06, 0.02
'I'll say it again for the logic impaired.
             -- Larry Wall'
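
An added example, not part of the original message or of Kannel's code: the in-place masking discussed in this thread beside a variant that masks only a copy used for logging, so a later parse of the URL still sees the real password. The function names and the simplified URL handling are assumptions made for the illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not Kannel's parse_url(): password in scheme://user:pass@host, or NULL. */
static char *find_password(char *url, size_t *len)
{
    char *p = strstr(url, "://");
    p = p ? p + 3 : url;
    size_t authority = strcspn(p, "/?#");   /* userinfo sits before the path */
    char *at = NULL;
    for (size_t i = 0; i < authority; i++)
        if (p[i] == '@') at = p + i;        /* last '@' ends the userinfo */
    char *colon = at ? memchr(p, ':', (size_t)(at - p)) : NULL;
    if (colon == NULL) return NULL;
    *len = (size_t)(at - colon - 1);
    return colon + 1;
}

/* The pattern from the thread: overwrite the password in the live URL. */
void mask_in_place(char *url)
{
    size_t len = 0;
    char *pw = find_password(url, &len);
    if (pw != NULL) memset(pw, '*', len);
}

/* Copy out the password, as a later parse of the same URL would. Caller frees. */
char *extract_password(const char *url)
{
    size_t len = 0;
    char *pw = find_password((char *)url, &len);   /* read-only use */
    char *out = pw ? malloc(len + 1) : NULL;
    if (out != NULL) {
        memcpy(out, pw, len);
        out[len] = '\0';
    }
    return out;
}

/* Alternative: mask a private copy for the log line; url stays parseable. */
char *redacted_copy(const char *url)
{
    char *copy = malloc(strlen(url) + 1);
    if (copy != NULL) {
        strcpy(copy, url);
        mask_in_place(copy);
    }
    return copy;
}
```

For a constructed URL such as `http://user:secret@example.invalid/cgi-bin/sendsms`, `redacted_copy()` yields the masked string for the log while `extract_password()` on the original still returns `secret`; after `mask_in_place()` the same call returns only stars.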
