--------------------- PatchSet 10286 Date: 2007/12/20 10:35:23 Author: adri Branch: s27_adri Tag: (none) Log: An enormous patch to remove httpHeaderGetStr(); 2/2. Unfortunately I decided to begin converting the relevant bits of the authentication framework to use Strings instead of const char *'s where we're fetching data from the header. Silly move on my part.. Also - the ACL code now uses a temporary C string buffer before passing some stuff to aclregex - this is becuase the regex library being used only handles NUL terminated strings. This should be revisited later. Members: ADRIAN_TODO:1.1.2.15->1.1.2.16 include/util.h:1.17.20.4->1.17.20.5 lib/base64.c:1.7->1.7.58.1 src/HttpHeader.c:1.28.6.1.4.21->1.28.6.1.4.22 src/HttpReply.c:1.23.6.1->1.23.6.1.4.1 src/acl.c:1.90.12.2->1.90.12.3 src/authenticate.c:1.35->1.35.16.1 src/cache_cf.c:1.102.2.1.4.2->1.102.2.1.4.3 src/http.c:1.63.2.3.4.15->1.63.2.3.4.16 src/mime.c:1.19.12.3->1.19.12.4 src/protos.h:1.146.2.4.4.28->1.146.2.4.4.29 src/typedefs.h:1.43.2.3.4.4->1.43.2.3.4.5 src/auth/basic/auth_basic.c:1.27->1.27.28.1 src/auth/digest/auth_digest.c:1.24->1.24.10.1 src/auth/negotiate/auth_negotiate.c:1.13->1.13.10.1 src/auth/ntlm/auth_ntlm.c:1.39->1.39.10.1 tools/cachemgr.c:1.6->1.6.14.1 Index: squid/ADRIAN_TODO =================================================================== RCS file: /cvsroot/squid-sf//squid/Attic/ADRIAN_TODO,v retrieving revision 1.1.2.15 retrieving revision 1.1.2.16 diff -u -r1.1.2.15 -r1.1.2.16 --- squid/ADRIAN_TODO 20 Dec 2007 03:22:35 -0000 1.1.2.15 +++ squid/ADRIAN_TODO 20 Dec 2007 10:35:23 -0000 1.1.2.16 @@ -88,3 +88,6 @@ * ARGH! All of the callers to httpHeaderGetStr() need to be modified; httpHeaderGetStr() now returns a non-NUL-terminated buffer! +* Convert AND VERIFY that the different authentication methods work! + - basic has been converted + - the rest haven't thus far Index: squid/include/util.h =================================================================== RCS file: /cvsroot/squid-sf//squid/include/util.h,v retrieving revision 1.17.20.4 retrieving revision 1.17.20.5 diff -u -r1.17.20.4 -r1.17.20.5 --- squid/include/util.h 19 Dec 2007 05:51:49 -0000 1.17.20.4 +++ squid/include/util.h 20 Dec 2007 10:35:24 -0000 1.17.20.5 @@ -1,5 +1,5 @@ /* - * $Id: util.h,v 1.17.20.4 2007/12/19 05:51:49 adri Exp $ + * $Id: util.h,v 1.17.20.5 2007/12/20 10:35:24 adri Exp $ * * AUTHOR: Harvest Derived * @@ -110,7 +110,7 @@ typedef struct in_addr SIA; extern int safe_inet_addr(const char *, SIA *); extern time_t parse_iso3307_time(const char *buf); -extern char *base64_decode(const char *coded); +extern char *base64_decode(const char *coded, int len); extern const char *base64_encode(const char *decoded); extern const char *base64_encode_bin(const char *data, int len); Index: squid/lib/base64.c =================================================================== RCS file: /cvsroot/squid-sf//squid/lib/base64.c,v retrieving revision 1.7 retrieving revision 1.7.58.1 diff -u -r1.7 -r1.7.58.1 --- squid/lib/base64.c 28 Apr 2006 11:10:49 -0000 1.7 +++ squid/lib/base64.c 20 Dec 2007 10:35:24 -0000 1.7.58.1 @@ -1,5 +1,5 @@ /* - * $Id: base64.c,v 1.7 2006/04/28 11:10:49 squidadm Exp $ + * $Id: base64.c,v 1.7.58.1 2007/12/20 10:35:24 adri Exp $ */ #include "config.h" @@ -38,10 +38,10 @@ } char * -base64_decode(const char *p) +base64_decode(const char *p, int len) { static char result[BASE64_RESULT_SZ]; - int j; + int j, i; int c; long val; if (!p) @@ -49,7 +49,7 @@ if (!base64_initialized) base64_init(); val = c = 0; - for (j = 0; *p && j + 4 < BASE64_RESULT_SZ; p++) { + for (j = 0, i = 0; i < len && j + 4 < BASE64_RESULT_SZ; p++, i++) { unsigned int k = ((unsigned char) *p) % BASE64_VALUE_SZ; if (base64_value[k] < 0) continue; Index: squid/src/HttpHeader.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/HttpHeader.c,v retrieving revision 1.28.6.1.4.21 retrieving revision 1.28.6.1.4.22 diff -u -r1.28.6.1.4.21 -r1.28.6.1.4.22 --- squid/src/HttpHeader.c 20 Dec 2007 03:22:36 -0000 1.28.6.1.4.21 +++ squid/src/HttpHeader.c 20 Dec 2007 10:35:24 -0000 1.28.6.1.4.22 @@ -1,6 +1,6 @@ /* - * $Id: HttpHeader.c,v 1.28.6.1.4.21 2007/12/20 03:22:36 adri Exp $ + * $Id: HttpHeader.c,v 1.28.6.1.4.22 2007/12/20 10:35:24 adri Exp $ * * DEBUG: section 55 HTTP Header * AUTHOR: Alex Rousskov @@ -1164,23 +1164,30 @@ const char * httpHeaderGetAuth(const HttpHeader * hdr, http_hdr_type id, const char *auth_scheme) { - const char *field; + String *field; int l; + int ofs = 0; assert(hdr && auth_scheme); - field = httpHeaderGetStr(hdr, id); + /* Weak reference */ + field = httpHeaderGetString(hdr, id); if (!field) /* no authorization field */ return NULL; + if (strIsNull(*field)) + return NULL; + l = strlen(auth_scheme); - if (!l || strncasecmp(field, auth_scheme, l)) /* wrong scheme */ + if (!l || strNCaseCmp(*field, auth_scheme, l)) /* wrong scheme */ return NULL; - field += l; - if (!xisspace(*field)) /* wrong scheme */ + ofs = l; + if (strGetPos(*field, ofs) < 0 || !xisspace(strGetPos(*field, ofs))) /* wrong scheme */ return NULL; /* skip white space */ - field += xcountws(field); - if (!*field) /* no authorization cookie */ - return NULL; - return base64_decode(field); + for (; ofs < strLen2(*field) && StringMapCheckChar(&strmap_whitespace, (unsigned char) strGetPos(*field, ofs)); ofs++) + ; + if (ofs >= strLen2(*field)) /* [ahc] its too short or no auth cookie! */ + return NULL; + /* XXX off by one? */ + return base64_decode(strBuf2(*field) + ofs, strLen2(*field) - ofs); } TimeOrTag Index: squid/src/HttpReply.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/HttpReply.c,v retrieving revision 1.23.6.1 retrieving revision 1.23.6.1.4.1 diff -u -r1.23.6.1 -r1.23.6.1.4.1 --- squid/src/HttpReply.c 27 Nov 2007 08:12:23 -0000 1.23.6.1 +++ squid/src/HttpReply.c 20 Dec 2007 10:35:24 -0000 1.23.6.1.4.1 @@ -1,6 +1,6 @@ /* - * $Id: HttpReply.c,v 1.23.6.1 2007/11/27 08:12:23 adri Exp $ + * $Id: HttpReply.c,v 1.23.6.1.4.1 2007/12/20 10:35:24 adri Exp $ * * DEBUG: section 58 HTTP Reply (Response) * AUTHOR: Alex Rousskov @@ -335,14 +335,19 @@ httpReplyHdrCacheInit(HttpReply * rep) { const HttpHeader *hdr = &rep->header; - const char *str; + String *str; + int i; + rep->content_length = httpHeaderGetSize(hdr, HDR_CONTENT_LENGTH); rep->date = httpHeaderGetTime(hdr, HDR_DATE); rep->last_modified = httpHeaderGetTime(hdr, HDR_LAST_MODIFIED); - str = httpHeaderGetStr(hdr, HDR_CONTENT_TYPE); - if (str) - stringLimitInit(&rep->content_type, str, strcspn(str, ";\t ")); - else + /* Weak string reference */ + str = httpHeaderGetString(hdr, HDR_CONTENT_TYPE); + if (str && strIsNotNull(*str)) { + i = strCSpn(*str, 0, ";\t "); + /* XXX is this off by one? */ + rep->content_type = strSubStr(*str, 0, i); + } else rep->content_type = StringNull; rep->cache_control = httpHeaderGetCc(hdr); rep->content_range = httpHeaderGetContRange(hdr); Index: squid/src/acl.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/acl.c,v retrieving revision 1.90.12.2 retrieving revision 1.90.12.3 diff -u -r1.90.12.2 -r1.90.12.3 --- squid/src/acl.c 14 Dec 2007 06:30:49 -0000 1.90.12.2 +++ squid/src/acl.c 20 Dec 2007 10:35:24 -0000 1.90.12.3 @@ -1,6 +1,6 @@ /* - * $Id: acl.c,v 1.90.12.2 2007/12/14 06:30:49 adri Exp $ + * $Id: acl.c,v 1.90.12.3 2007/12/20 10:35:24 adri Exp $ * * DEBUG: section 28 Access Control * AUTHOR: Duane Wessels @@ -1752,7 +1752,9 @@ char *esc_buf; const char *header; const char *browser; + String *tmpstr; int k, ti; + int ret; if (!ae) return 0; switch (ae->type) { @@ -1931,16 +1933,24 @@ return aclMatchInteger(ae->data, r->method); /* NOTREACHED */ case ACL_BROWSER: - browser = httpHeaderGetStr(&checklist->request->header, HDR_USER_AGENT); - if (NULL == browser) + tmpstr = httpHeaderGetString(&checklist->request->header, HDR_USER_AGENT); + if (NULL == tmpstr || strIsNull(*tmpstr)) return 0; - return aclMatchRegex(ae->data, browser); + /* XXX unavoidable whilst the regex code requires NUL terminated strings */ + browser = strCDup(*tmpstr); + ret = aclMatchRegex(ae->data, browser); + safe_free(browser); + return ret; /* NOTREACHED */ case ACL_REFERER_REGEX: - header = httpHeaderGetStr(&checklist->request->header, HDR_REFERER); - if (NULL == header) + tmpstr = httpHeaderGetString(&checklist->request->header, HDR_REFERER); + if (NULL == tmpstr || strIsNull(*tmpstr)) return 0; - return aclMatchRegex(ae->data, header); + /* XXX unavoidable whilst the regex code requires NUL terminated strings */ + header = strCDup(*tmpstr); + ret = aclMatchRegex(ae->data, header); + safe_free(header); + return ret; /* NOTREACHED */ case ACL_PROXY_AUTH: case ACL_PROXY_AUTH_REGEX: @@ -1988,19 +1998,28 @@ /* NOTREACHED */ #endif case ACL_REQ_MIME_TYPE: - header = httpHeaderGetStr(&checklist->request->header, - HDR_CONTENT_TYPE); - if (NULL == header) + tmpstr = httpHeaderGetString(&checklist->request->header, HDR_CONTENT_TYPE); + if (tmpstr == NULL || strIsNull(*tmpstr)) { header = ""; - return aclMatchRegex(ae->data, header); + return aclMatchRegex(ae->data, header); + } + header = strCDup(*tmpstr); + ret = aclMatchRegex(ae->data, header); + safe_free(header); + return ret; /* NOTREACHED */ case ACL_REP_MIME_TYPE: if (!checklist->reply) return 0; - header = httpHeaderGetStr(&checklist->reply->header, HDR_CONTENT_TYPE); - if (NULL == header) + tmpstr = httpHeaderGetString(&checklist->reply->header, HDR_CONTENT_TYPE); + if (tmpstr == NULL || strIsNull(*tmpstr)) { header = ""; - return aclMatchRegex(ae->data, header); + return aclMatchRegex(ae->data, header); + } + header = strCDup(*tmpstr); + ret = aclMatchRegex(ae->data, header); + safe_free(header); + return ret; /* NOTREACHED */ case ACL_REP_HEADER: if (!checklist->reply) Index: squid/src/authenticate.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/authenticate.c,v retrieving revision 1.35 retrieving revision 1.35.16.1 diff -u -r1.35 -r1.35.16.1 --- squid/src/authenticate.c 1 Jan 2007 22:51:01 -0000 1.35 +++ squid/src/authenticate.c 20 Dec 2007 10:35:24 -0000 1.35.16.1 @@ -1,6 +1,6 @@ /* - * $Id: authenticate.c,v 1.35 2007/01/01 22:51:01 squidadm Exp $ + * $Id: authenticate.c,v 1.35.16.1 2007/12/20 10:35:24 adri Exp $ * * DEBUG: section 29 Authenticator * AUTHOR: Duane Wessels @@ -42,7 +42,7 @@ CBDATA_TYPE(auth_user_ip_t); -static void authenticateDecodeAuth(const char *proxy_auth, auth_user_request_t * auth_user_request); +static void authenticateDecodeAuth(String proxy_auth, auth_user_request_t * auth_user_request); static auth_acl_t authenticateAuthenticate(auth_user_request_t ** auth_user_request, http_hdr_type headertype, request_t * request, ConnStateData * conn, struct in_addr src_addr); /* @@ -57,13 +57,13 @@ static int -authenticateAuthSchemeConfigured(const char *proxy_auth) +authenticateAuthSchemeConfigured(String proxy_auth) { authScheme *scheme; int i; for (i = 0; i < Config.authConfig.n_configured; i++) { scheme = Config.authConfig.schemes + i; - if ((strncasecmp(proxy_auth, scheme->typestr, strlen(scheme->typestr)) == 0) && + if ((strNCaseCmp(proxy_auth, scheme->typestr, strlen(scheme->typestr)) == 0) && (authscheme_list[scheme->Id].Active())) return 1; } @@ -71,11 +71,13 @@ } int -authenticateAuthSchemeId(const char *typestr) +authenticateAuthSchemeId(String typestr) { int i = 0; for (i = 0; authscheme_list && authscheme_list[i].typestr; i++) { - if (strncasecmp(typestr, authscheme_list[i].typestr, strlen(authscheme_list[i].typestr)) == 0) { + /* XXX wouldn't it be easier if these were stored as Strings! */ + int j = strlen(authscheme_list[i].typestr); + if (strNCaseCmp(typestr, authscheme_list[i].typestr, j) == 0) { return i; } } @@ -83,12 +85,12 @@ } static void -authenticateDecodeAuth(const char *proxy_auth, auth_user_request_t * auth_user_request) +authenticateDecodeAuth(String proxy_auth, auth_user_request_t * auth_user_request) { int i = 0; - assert(proxy_auth != NULL); + assert(strIsNotNull(proxy_auth)); assert(auth_user_request != NULL); /* we need this created for us. */ - debug(29, 9) ("authenticateDecodeAuth: header = '%s'\n", proxy_auth); + debug(29, 9) ("authenticateDecodeAuth: header = '%.*s'\n", strLen2(proxy_auth), strBuf2(proxy_auth)); if (authenticateAuthSchemeConfigured(proxy_auth)) { /* we're configured to use this scheme - but is it active ? */ if ((i = authenticateAuthSchemeId(proxy_auth)) != -1) { @@ -96,14 +98,14 @@ if (auth_user_request->auth_user) { auth_user_request->auth_user->auth_module = i + 1; } else { - debug(29, 1) ("authenticateDecodeAuth: Invalid proxy-auth header, '%s'\n", proxy_auth); + debug(29, 1) ("authenticateDecodeAuth: Invalid proxy-auth header, '%.*s'\n", strLen2(proxy_auth), strBuf2(proxy_auth)); } return; } } debug(29, 1) - ("authenticateDecodeAuth: Unsupported or unconfigured proxy-auth scheme, '%s'\n", - proxy_auth); + ("authenticateDecodeAuth: Unsupported or unconfigured proxy-auth scheme, '%.*s'\n", + strLen2(proxy_auth), strBuf2(proxy_auth)); return; } @@ -183,12 +185,16 @@ authenticateAuthUserNew(const char *scheme) { auth_user_t *temp_auth; + String tmp = StringNull; temp_auth = memAllocate(MEM_AUTH_USER_T); assert(temp_auth != NULL); memset(temp_auth, '\0', sizeof(auth_user_t)); temp_auth->auth_type = AUTH_UNKNOWN; temp_auth->references = 0; - temp_auth->auth_module = authenticateAuthSchemeId(scheme) + 1; + /* XXX the callers of this should be able to provide a static String and bypass having to allocate a buf_t! */ + stringInit(&tmp, scheme); + temp_auth->auth_module = authenticateAuthSchemeId(tmp) + 1; + stringClean(&tmp); temp_auth->usernamehash = NULL; return temp_auth; } @@ -361,7 +367,7 @@ * Unauthenticated structure. The structure is given an inital lock here. */ static auth_user_request_t * -authenticateGetAuthUser(const char *proxy_auth) +authenticateGetAuthUser(String proxy_auth) { auth_user_request_t *auth_user_request = authenticateAuthUserRequestNew(); /* and lock for the callers instance */ @@ -436,10 +442,11 @@ auth_acl_t authenticateAuthenticate(auth_user_request_t ** auth_user_request, http_hdr_type headertype, request_t * request, ConnStateData * conn, struct in_addr src_addr) { - const char *proxy_auth; + String *proxy_auth; assert(headertype != 0); - proxy_auth = httpHeaderGetStr(&request->header, headertype); + /* Weak string reference */ + proxy_auth = httpHeaderGetString(&request->header, headertype); /* * a note on proxy_auth logix here: @@ -447,7 +454,7 @@ * authenticated connection so we test for an authenticated * connection when we recieve no authentication header. */ - if (((proxy_auth == NULL) && (!authenticateUserAuthenticated(authTryGetUser(auth_user_request, conn, request)))) + if (((proxy_auth == NULL || strIsNull(*proxy_auth)) && (!authenticateUserAuthenticated(authTryGetUser(auth_user_request, conn, request)))) || (conn && conn->auth_type == AUTH_BROKEN)) { /* no header or authentication failed/got corrupted - restart */ if (conn) @@ -471,10 +478,10 @@ * No check for function required in the if: its compulsory for conn based * auth modules */ - if (proxy_auth && conn && conn->auth_user_request && + if (proxy_auth strIsNotNull(*proxyauth) && conn && conn->auth_user_request && authenticateUserAuthenticated(conn->auth_user_request) && - strcmp(proxy_auth, authscheme_list[conn->auth_user_request->auth_user->auth_module - 1].authConnLastHeader(conn->auth_user_request))) { - debug(29, 2) ("authenticateAuthenticate: DUPLICATE AUTH - authentication header on already authenticated connection!. AU %p, Current user '%s' proxy_auth %s\n", conn->auth_user_request, authenticateUserRequestUsername(conn->auth_user_request), proxy_auth); + strCmp(*proxy_auth, authscheme_list[conn->auth_user_request->auth_user->auth_module - 1].authConnLastHeader(conn->auth_user_request))) { + debug(29, 2) ("authenticateAuthenticate: DUPLICATE AUTH - authentication header on already authenticated connection!. AU %p, Current user '%s' proxy_auth %.*s\n", conn->auth_user_request, authenticateUserRequestUsername(conn->auth_user_request), strLen2(proxy_auth), strBuf2(proxy_auth)); /* remove this request struct - the link is already authed and it can't be to * reauth. */ @@ -493,15 +500,15 @@ #endif /* we have a proxy auth header and as far as we know this connection has * not had bungled connection oriented authentication happen on it. */ - debug(29, 9) ("authenticateAuthenticate: header %s.\n", proxy_auth ? proxy_auth : NULL); + debug(29, 9) ("authenticateAuthenticate: header %.*s.\n", proxy_auth ? strLen2(*proxy_auth) : 6, proxy_auth ? strBuf2(*proxy_auth) : "(NULL)"); if (*auth_user_request == NULL) { debug(29, 9) ("authenticateAuthenticate: This is a new checklist test on FD:%d\n", conn ? conn->fd : -1); - if (proxy_auth && !request->auth_user_request && conn && conn->auth_user_request) { - int id = authenticateAuthSchemeId(proxy_auth) + 1; + if (proxy_auth && strIsNotNull(*proxy_auth) && !request->auth_user_request && conn && conn->auth_user_request) { + int id = authenticateAuthSchemeId(*proxy_auth) + 1; if (!conn->auth_user_request->auth_user || conn->auth_user_request->auth_user->auth_module != id) { - debug(29, 1) ("authenticateAuthenticate: Unexpected change of authentication scheme from '%s' to '%s' (client %s)\n", - authscheme_list[conn->auth_user_request->auth_user->auth_module - 1].typestr, proxy_auth, inet_ntoa(src_addr)); + debug(29, 1) ("authenticateAuthenticate: Unexpected change of authentication scheme from '%s' to '%.*s' (client %s)\n", + authscheme_list[conn->auth_user_request->auth_user->auth_module - 1].typestr, strLen2(*proxy_auth), strBuf2(*proxy_auth), inet_ntoa(src_addr)); authenticateAuthUserRequestUnlock(conn->auth_user_request); conn->auth_user_request = NULL; conn->auth_type = AUTH_UNKNOWN; @@ -512,7 +519,7 @@ /* beginning of a new request check */ debug(29, 4) ("authenticateAuthenticate: no connection authentication type\n"); if (!authenticateValidateUser(*auth_user_request = - authenticateGetAuthUser(proxy_auth))) { + authenticateGetAuthUser(*proxy_auth))) { /* the decode might have left a username for logging, or a message to * the user */ if (authenticateUserRequestUsername(*auth_user_request)) { Index: squid/src/cache_cf.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/cache_cf.c,v retrieving revision 1.102.2.1.4.2 retrieving revision 1.102.2.1.4.3 diff -u -r1.102.2.1.4.2 -r1.102.2.1.4.3 --- squid/src/cache_cf.c 13 Dec 2007 00:42:51 -0000 1.102.2.1.4.2 +++ squid/src/cache_cf.c 20 Dec 2007 10:35:26 -0000 1.102.2.1.4.3 @@ -1,6 +1,6 @@ /* - * $Id: cache_cf.c,v 1.102.2.1.4.2 2007/12/13 00:42:51 adri Exp $ + * $Id: cache_cf.c,v 1.102.2.1.4.3 2007/12/20 10:35:26 adri Exp $ * * DEBUG: section 3 Configuration File Parsing * AUTHOR: Harvest Derived @@ -1314,6 +1314,7 @@ { char *type_str; char *param_str; + String tmp = StringNull; authScheme *scheme = NULL; int type, i; @@ -1323,10 +1324,13 @@ if ((param_str = strtok(NULL, w_space)) == NULL) self_destruct(); - if ((type = authenticateAuthSchemeId(type_str)) == -1) { + stringInit(&tmp, type_str); + if ((type = authenticateAuthSchemeId(tmp)) == -1) { debug(3, 0) ("Parsing Config File: Unknown authentication scheme '%s'.\n", type_str); + stringClean(&tmp); return; } + stringClean(&tmp); for (i = 0; i < config->n_configured; i++) { if (config->schemes[i].Id == type) { scheme = config->schemes + i; Index: squid/src/http.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/http.c,v retrieving revision 1.63.2.3.4.15 retrieving revision 1.63.2.3.4.16 diff -u -r1.63.2.3.4.15 -r1.63.2.3.4.16 --- squid/src/http.c 20 Dec 2007 03:22:37 -0000 1.63.2.3.4.15 +++ squid/src/http.c 20 Dec 2007 10:35:26 -0000 1.63.2.3.4.16 @@ -1,6 +1,6 @@ /* - * $Id: http.c,v 1.63.2.3.4.15 2007/12/20 03:22:37 adri Exp $ + * $Id: http.c,v 1.63.2.3.4.16 2007/12/20 10:35:26 adri Exp $ * * DEBUG: section 11 Hypertext Transfer Protocol (HTTP) * AUTHOR: Harvest Derived @@ -405,7 +405,7 @@ request->vary_hdr = stringDup(&vary); request->vary_headers = stringDup(&vstr); } - debug(11, 3) ("httpMakeVaryMark: %.*s\n", strLen2(vstr), strBuf2(vstr)); + debug(11, 1) ("httpMakeVaryMark: %.*s\n", strLen2(vstr), strBuf2(vstr)); stringClean(&vary); stringClean(&vstr); Index: squid/src/mime.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/mime.c,v retrieving revision 1.19.12.3 retrieving revision 1.19.12.4 diff -u -r1.19.12.3 -r1.19.12.4 --- squid/src/mime.c 18 Dec 2007 12:10:30 -0000 1.19.12.3 +++ squid/src/mime.c 20 Dec 2007 10:35:26 -0000 1.19.12.4 @@ -1,6 +1,6 @@ /* - * $Id: mime.c,v 1.19.12.3 2007/12/18 12:10:30 adri Exp $ + * $Id: mime.c,v 1.19.12.4 2007/12/20 10:35:26 adri Exp $ * * DEBUG: section 25 MIME Parsing * AUTHOR: Harvest Derived @@ -168,7 +168,7 @@ return NULL; if ((t = strtok(NULL, " \t")) == NULL) return NULL; - return base64_decode(t); + return base64_decode(t, strlen(t)); } static mimeEntry * Index: squid/src/protos.h =================================================================== RCS file: /cvsroot/squid-sf//squid/src/protos.h,v retrieving revision 1.146.2.4.4.28 retrieving revision 1.146.2.4.4.29 diff -u -r1.146.2.4.4.28 -r1.146.2.4.4.29 --- squid/src/protos.h 20 Dec 2007 03:22:37 -0000 1.146.2.4.4.28 +++ squid/src/protos.h 20 Dec 2007 10:35:26 -0000 1.146.2.4.4.29 @@ -1,6 +1,6 @@ /* - * $Id: protos.h,v 1.146.2.4.4.28 2007/12/20 03:22:37 adri Exp $ + * $Id: protos.h,v 1.146.2.4.4.29 2007/12/20 10:35:26 adri Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -748,7 +748,7 @@ /* authenticate.c */ extern void authenticateAuthUserMerge(auth_user_t *, auth_user_t *); extern auth_user_t *authenticateAuthUserNew(const char *); -extern int authenticateAuthSchemeId(const char *typestr); +extern int authenticateAuthSchemeId(String typestr); extern void authenticateStart(auth_user_request_t *, RH *, void *); extern void authenticateSchemeInit(void); extern void authenticateConfigure(authConfig *); Index: squid/src/typedefs.h =================================================================== RCS file: /cvsroot/squid-sf//squid/src/typedefs.h,v retrieving revision 1.43.2.3.4.4 retrieving revision 1.43.2.3.4.5 diff -u -r1.43.2.3.4.4 -r1.43.2.3.4.5 --- squid/src/typedefs.h 17 Dec 2007 08:17:51 -0000 1.43.2.3.4.4 +++ squid/src/typedefs.h 20 Dec 2007 10:35:27 -0000 1.43.2.3.4.5 @@ -1,6 +1,6 @@ /* - * $Id: typedefs.h,v 1.43.2.3.4.4 2007/12/17 08:17:51 adri Exp $ + * $Id: typedefs.h,v 1.43.2.3.4.5 2007/12/20 10:35:27 adri Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -339,7 +339,7 @@ typedef int AUTHSAUTHED(auth_user_request_t *); typedef void AUTHSAUTHUSER(auth_user_request_t *, request_t *, ConnStateData *, http_hdr_type); typedef int AUTHSCONFIGURED(void); -typedef void AUTHSDECODE(auth_user_request_t *, const char *); +typedef void AUTHSDECODE(auth_user_request_t *, String); typedef int AUTHSDIRECTION(auth_user_request_t *); typedef void AUTHSDUMP(StoreEntry *, const char *, authScheme *); typedef void AUTHSFIXERR(auth_user_request_t *, HttpReply *, http_hdr_type, request_t *); Index: squid/src/auth/basic/auth_basic.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/auth/basic/auth_basic.c,v retrieving revision 1.27 retrieving revision 1.27.28.1 diff -u -r1.27 -r1.27.28.1 --- squid/src/auth/basic/auth_basic.c 30 Jul 2006 23:52:55 -0000 1.27 +++ squid/src/auth/basic/auth_basic.c 20 Dec 2007 10:35:27 -0000 1.27.28.1 @@ -430,26 +430,27 @@ */ static void -authenticateBasicDecodeAuth(auth_user_request_t * auth_user_request, const char *proxy_auth) +authenticateBasicDecodeAuth(auth_user_request_t * auth_user_request, String proxy_auth) { char *sent_auth; char *cleartext; + int i; basic_data *basic_auth, local_basic; auth_user_t *auth_user; dlink_node *node; /* decode the username */ /* trim BASIC from string */ - while (xisgraph(*proxy_auth)) - proxy_auth++; + for (i = 0; i < strLen2(proxy_auth) && xisgraph(strGetPos(proxy_auth, i)); i++) + ; local_basic.passwd = NULL; /* Trim leading whitespace before decoding */ - while (xisspace(*proxy_auth)) - proxy_auth++; + for (i = 0; i < strLen2(proxy_auth) && xisspace(strGetPos(proxy_auth, i)); i++) + ; /* username and password */ - sent_auth = xstrdup(proxy_auth); + sent_auth = strCDupOffset(proxy_auth, i); /* Trim trailing \n before decoding */ strtok(sent_auth, "\n"); cleartext = uudecode(sent_auth); @@ -460,8 +461,8 @@ */ debug(29, 9) ("authenticateBasicDecodeAuth: cleartext = '%s'\n", cleartext); if (strcspn(cleartext, "\r\n") != strlen(cleartext)) { - debug(29, 1) ("authenticateBasicDecodeAuth: bad characters in authorization header '%s'\n", - proxy_auth); + debug(29, 1) ("authenticateBasicDecodeAuth: bad characters in authorization header '%.*s'\n", + strLen2(proxy_auth), strBuf2(proxy_auth)); xfree(cleartext); return; } @@ -470,8 +471,8 @@ *(cleartext)++ = '\0'; local_basic.passwd = cleartext; if (cleartext == NULL) { - debug(29, 4) ("authenticateBasicDecodeAuth: no password in proxy authorization header '%s'\n", - proxy_auth); + debug(29, 4) ("authenticateBasicDecodeAuth: no password in proxy authorization header '%.*s'\n", + strLen2(proxy_auth), strBuf2(proxy_auth)); local_basic.passwd = NULL; auth_user_request->message = xstrdup("no password was present in the HTTP [proxy-]authorization header. This is most likely a browser bug"); } else if (*cleartext == '\0' && !basicConfig->blankpassword) { Index: squid/src/auth/digest/auth_digest.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/auth/digest/auth_digest.c,v retrieving revision 1.24 retrieving revision 1.24.10.1 diff -u -r1.24 -r1.24.10.1 --- squid/src/auth/digest/auth_digest.c 27 Aug 2007 13:53:41 -0000 1.24 +++ squid/src/auth/digest/auth_digest.c 20 Dec 2007 10:35:28 -0000 1.24.10.1 @@ -1138,7 +1138,7 @@ */ static void -authenticateDigestDecodeAuth(auth_user_request_t * auth_user_request, const char *proxy_auth) +authenticateDigestDecodeAuth(auth_user_request_t * auth_user_request, String proxy_auth) { String temp; const char *item; Index: squid/src/auth/negotiate/auth_negotiate.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/auth/negotiate/auth_negotiate.c,v retrieving revision 1.13 retrieving revision 1.13.10.1 diff -u -r1.13 -r1.13.10.1 --- squid/src/auth/negotiate/auth_negotiate.c 28 Aug 2007 22:52:22 -0000 1.13 +++ squid/src/auth/negotiate/auth_negotiate.c 20 Dec 2007 10:35:28 -0000 1.13.10.1 @@ -1,6 +1,6 @@ /* - * $Id: auth_negotiate.c,v 1.13 2007/08/28 22:52:22 squidadm Exp $ + * $Id: auth_negotiate.c,v 1.13.10.1 2007/12/20 10:35:28 adri Exp $ * * DEBUG: section 29 Negotiate Authenticator * AUTHOR: Robert Collins @@ -655,7 +655,7 @@ */ static void -authenticateDecodeNegotiateAuth(auth_user_request_t * auth_user_request, const char *proxy_auth) +authenticateDecodeNegotiateAuth(auth_user_request_t * auth_user_request, String proxy_auth) { dlink_node *node; assert(auth_user_request->auth_user == NULL); Index: squid/src/auth/ntlm/auth_ntlm.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/auth/ntlm/auth_ntlm.c,v retrieving revision 1.39 retrieving revision 1.39.10.1 diff -u -r1.39 -r1.39.10.1 --- squid/src/auth/ntlm/auth_ntlm.c 28 Aug 2007 22:52:23 -0000 1.39 +++ squid/src/auth/ntlm/auth_ntlm.c 20 Dec 2007 10:35:29 -0000 1.39.10.1 @@ -614,7 +614,7 @@ */ static void -authenticateDecodeNTLMAuth(auth_user_request_t * auth_user_request, const char *proxy_auth) +authenticateDecodeNTLMAuth(auth_user_request_t * auth_user_request, String proxy_auth) { dlink_node *node; assert(auth_user_request->auth_user == NULL); Index: squid/tools/cachemgr.c =================================================================== RCS file: /cvsroot/squid-sf//squid/tools/cachemgr.c,v retrieving revision 1.6 retrieving revision 1.6.14.1 diff -u -r1.6 -r1.6.14.1 --- squid/tools/cachemgr.c 25 Jun 2007 12:51:28 -0000 1.6 +++ squid/tools/cachemgr.c 20 Dec 2007 10:35:30 -0000 1.6.14.1 @@ -1,6 +1,6 @@ /* - * $Id: cachemgr.c,v 1.6 2007/06/25 12:51:28 squidadm Exp $ + * $Id: cachemgr.c,v 1.6.14.1 2007/12/20 10:35:30 adri Exp $ * * DEBUG: section 0 CGI Cache Manager * AUTHOR: Duane Wessels @@ -883,7 +883,7 @@ safe_free(req->passwd); if (!req->pub_auth || strlen(req->pub_auth) < 4 + strlen(safe_str(req->hostname))) return; - buf = xstrdup(base64_decode(req->pub_auth)); + buf = xstrdup(base64_decode(req->pub_auth, strlen(req->pub_auth))); debug(3) fprintf(stderr, "cmgr: length ok\n"); /* parse ( a lot of memory leaks, but that is cachemgr style :) */ if ((host_name = strtok(buf, "|")) == NULL)