From 9e8aec3df93a2c3ddbfa210c623ccd481d0fe4a6 Mon Sep 17 00:00:00 2001 From: pixel Date: Mon, 23 Jul 2007 08:36:38 +0000 Subject: Deadly fix in Base64... --- lib/Base64.cc | 23 ++++++++++++----------- lib/HttpServ.cc | 6 ++++-- 2 files changed, 16 insertions(+), 13 deletions(-) diff --git a/lib/Base64.cc b/lib/Base64.cc index 6c16f47..a6e5237 100644 --- a/lib/Base64.cc +++ b/lib/Base64.cc @@ -17,7 +17,7 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -/* $Id: Base64.cc,v 1.3 2007-06-11 11:25:36 pixel Exp $ */ +/* $Id: Base64.cc,v 1.4 2007-07-23 08:36:38 pixel Exp $ */ #include @@ -87,20 +87,21 @@ int Base64::decode_block(char s1, char s2, char s3, char s4, unsigned char * out } unsigned char * Base64::decode(const String & str_in, int * len_out) { - int s_len = str_in.strlen() / 4, len = 0, i, j, t_len; + int s_len = str_in.strlen(), len = 0, i, j, t_len; char s1, s2, s3, s4; - unsigned char t_out[2]; - unsigned char * out = (unsigned char *) malloc(s_len * 3 + 1); + unsigned char t_out[3]; + unsigned char * out = (unsigned char *) malloc(s_len * 3 / 4 + 4); + unsigned char * p = out; - for (i = 0; i < s_len; i++) { - s1 = str_in[i * 4 + 0]; - s2 = str_in[i * 4 + 1]; - s3 = str_in[i * 4 + 2]; - s4 = str_in[i * 4 + 3]; + for (i = 0; i < s_len; i += 4) { + s1 = str_in[i + 0]; + s2 = str_in[i + 1]; + s3 = str_in[i + 2]; + s4 = str_in[i + 3]; t_len = decode_block(s1, s2, s3, s4, t_out); - + for (j = 0; j < t_len; j++) { - out[i * 3 + j] = t_out[j]; + *(p++) = t_out[j]; } len += t_len; diff --git a/lib/HttpServ.cc b/lib/HttpServ.cc index d00890e..b9fb06b 100644 --- a/lib/HttpServ.cc +++ b/lib/HttpServ.cc @@ -17,7 +17,7 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -/* $Id: HttpServ.cc,v 1.52 2007-06-18 09:25:47 pixel Exp $ */ +/* $Id: HttpServ.cc,v 1.53 2007-07-23 08:36:38 pixel Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" @@ -111,7 +111,9 @@ int ProcessRequest::Do() throw(GeneralException) { host = t.extract(6); } if (t.strstr("Authorization: Basic ") == 0) { - char * credentials = (char *) Base64::decode(t.extract(21), 0); + int l; + char * credentials = (char *) Base64::decode(t.extract(21), &l); + credentials[l] = 0; char * p = strchr(credentials, ':'); if (p) { -- cgit v1.2.3