Re: wininet: Add support for SSPI authentication for HTTP.
Alexandre Julliard wrote:
Robert Shearman [EMAIL PROTECTED] writes:
+if (strncmpiW(pszAuthValue, szBasic,
sizeof(szBasic)/sizeof(szBasic[0])-1))
+{
When using strncmp you need to also check that you reached the end of
the first string.
Hmm, it seems strncmpiW already does that for me so I'm a little confused:
int strncmpiW( const WCHAR *str1, const WCHAR *str2, int n )
{
int ret = 0;
for ( ; n 0; n--, str1++, str2++)
if ((ret = tolowerW(*str1) - tolowerW(*str2)) || !*str1) break;
return ret;
}
+/* compare against last character to be set to avoid a race */
+if (HTTP_Base64Dec['/'] != 63)
+{
This won't avoid the race, you'll still get garbage if two threads get
here at the same time.
Good spot, I'll fix this.
--
Rob Shearman
Re: wininet: Add support for SSPI authentication for HTTP.
Juan Lang wrote: Hi Rob, +static UINT HTTP_DecodeBase64(LPCWSTR base64, LPSTR bin); Do we really have to keep proliferating base64 implementations? Could you not implement CryptStringToBinaryW instead? Should be mostly a copy-paste job.. CryptStringToBinaryW is a lot more complicated than just a base64 encoder function, so this is beyond the scope of what I was trying to implement. I'll make a note to replace this code by CryptStringToBinaryW if someone does implement it though. -- Rob Shearman
Re: wininet: Add support for SSPI authentication for HTTP.
Alexandre Julliard wrote:
Robert Shearman [EMAIL PROTECTED] writes:
Hmm, it seems strncmpiW already does that for me so I'm a little confused:
int strncmpiW( const WCHAR *str1, const WCHAR *str2, int n )
{
int ret = 0;
for ( ; n 0; n--, str1++, str2++)
if ((ret = tolowerW(*str1) - tolowerW(*str2)) || !*str1) break;
return ret;
}
It does if the string is shorter, but not if it's longer. It's OK if
you want to check that the string is a strict subset, but that's not
usually what you want.
In this case, it is. The Basic string should be followed by some
additional data which is parsed later.
--
Rob Shearman
Re: wininet: Add support for SSPI authentication for HTTP.
Robert Shearman [EMAIL PROTECTED] writes:
Hmm, it seems strncmpiW already does that for me so I'm a little confused:
int strncmpiW( const WCHAR *str1, const WCHAR *str2, int n )
{
int ret = 0;
for ( ; n 0; n--, str1++, str2++)
if ((ret = tolowerW(*str1) - tolowerW(*str2)) || !*str1) break;
return ret;
}
It does if the string is shorter, but not if it's longer. It's OK if
you want to check that the string is a strict subset, but that's not
usually what you want.
--
Alexandre Julliard
[EMAIL PROTECTED]
Re: wininet: Add support for SSPI authentication for HTTP.
Robert Shearman [EMAIL PROTECTED] writes: In this case, it is. The Basic string should be followed by some additional data which is parsed later. Yes, but AFAICS it's still supposed to be a separate token, so you'd need to check for a token separator. I don't think Basically should be considered a match for Basic authentication. -- Alexandre Julliard [EMAIL PROTECTED]
Re: wininet: Add support for SSPI authentication for HTTP.
Robert Shearman [EMAIL PROTECTED] writes:
+if (strncmpiW(pszAuthValue, szBasic,
sizeof(szBasic)/sizeof(szBasic[0])-1))
+{
When using strncmp you need to also check that you reached the end of
the first string.
+/* compare against last character to be set to avoid a race */
+if (HTTP_Base64Dec['/'] != 63)
+{
This won't avoid the race, you'll still get garbage if two threads get
here at the same time.
--
Alexandre Julliard
[EMAIL PROTECTED]
Re: wininet: Add support for SSPI authentication for HTTP.
Hi Rob, +static UINT HTTP_DecodeBase64(LPCWSTR base64, LPSTR bin); Do we really have to keep proliferating base64 implementations? Could you not implement CryptStringToBinaryW instead? Should be mostly a copy-paste job.. --Juan Get the Yahoo! toolbar and be alerted to new email wherever you're surfing. http://new.toolbar.yahoo.com/toolbar/features/mail/index.php
