X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/disorder/blobdiff_plain/a1bedb6db8934e6788075a1e1cda001356cf1d8b..04024c2cafab56ea76a9a2b35097584d6db98c06:/lib/mime.c diff --git a/lib/mime.c b/lib/mime.c index d79cc2a..5db7585 100644 --- a/lib/mime.c +++ b/lib/mime.c @@ -1,6 +1,6 @@ /* * This file is part of DisOrder - * Copyright (C) 2005, 2007 Richard Kettlewell + * Copyright (C) 2005, 2007, 2008 Richard Kettlewell * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -381,15 +381,19 @@ int mime_multipart(const char *s, int ret; /* We must start with a boundary string */ - if(!isboundary(s, boundary, bl)) + if(!isboundary(s, boundary, bl)) { + error(0, "mime_multipart: first line is not the boundary string"); return -1; + } /* Keep going until we hit a final boundary */ while(!isfinal(s, boundary, bl)) { s = strstr(s, "\r\n") + 2; start = s; while(!isboundary(s, boundary, bl)) { - if(!(e = strstr(s, "\r\n"))) + if(!(e = strstr(s, "\r\n"))) { + error(0, "mime_multipart: line does not end CRLF"); return -1; + } s = e + 2; } if((ret = callback(xstrndup(start, @@ -503,6 +507,50 @@ char *mime_qp(const char *s) { return d.vec; } +/** @brief Match cookie separator characters + * + * This is a subset of the RFC2616 specials, and technically is in breach of + * the specification. However rejecting (in particular) slashes is + * unreasonably strict and has broken at least one (admittedly somewhat + * obscure) browser, so we're more forgiving. + */ +static int cookie_separator(int c) { + switch(c) { + case '(': + case ')': + case ',': + case ';': + case '=': + case ' ': + case '"': + case '\t': + return 1; + + default: + return 0; + } +} + +/** @brief Match cookie value separator characters + * + * Same as cookie_separator() but allows for @c = in cookie values. + */ +static int cookie_value_separator(int c) { + switch(c) { + case '(': + case ')': + case ',': + case ';': + case ' ': + case '"': + case '\t': + return 1; + + default: + return 0; + } +} + /** @brief Parse a RFC2109 Cookie: header * @param s Header field value * @param cd Where to store result @@ -523,14 +571,20 @@ int parse_cookie(const char *s, s = skipwhite(s, 0); continue; } - if(!(s = parsetoken(s, &n, mime_http_separator))) + if(!(s = parsetoken(s, &n, cookie_separator))) { + error(0, "parse_cookie: cannot parse attribute name"); return -1; + } s = skipwhite(s, 0); - if(*s++ != '=') + if(*s++ != '=') { + error(0, "parse_cookie: did not find expected '='"); return -1; + } s = skipwhite(s, 0); - if(!(s = mime_parse_word(s, &v, mime_http_separator))) + if(!(s = mime_parse_word(s, &v, cookie_value_separator))) { + error(0, "parse_cookie: cannot parse value for '%s'", n); return -1; + } if(n[0] == '$') { /* Some bit of meta-information */ if(!strcmp(n, "$Version")) @@ -688,7 +742,7 @@ char *mime_to_qp(const char *text) { * @param text Underlying UTF-8 text * @param charsetp Where to store charset string * @param encodingp Where to store encoding string - * @return Encoded text (might be @ref text) + * @return Encoded text (might be @p text) */ const char *mime_encode_text(const char *text, const char **charsetp,