Browse Source

Correctly detect missing parameter value.

When parsing URI parameters, the following case was not detected:

  ?param1&param2=value

The absence of a value for param1 was missed because the code would look
for the '=' character in the next parameter (as if there was a single
parameter named 'param1&param2').

Fix that by checking that the '=' delimiter comes before the next '&'
delimiter, if any.
master
Damien Goutte-Gattat 3 months ago
parent
commit
17b8d7fd1d
  1. 9
      src/secretcfg.c
  2. 4
      tests/t-parseuri.c

9
src/secretcfg.c

@ -201,11 +201,12 @@ parse_parameter(const char **uri, gfsec_share_t *share)
if ( **uri == '\0' )
return 0; /* Silently ignore terminal delimiter. */
if ( ! (eq = strchr(*uri, '=')) )
return GFSEC_ERR_CONFIG_INVALID_URI;
amp = strchrnul(*uri, '&');
if ( ! (eq = strchr(*uri, '=')) || amp < eq )
return GFSEC_ERR_CONFIG_INVALID_URI; /* Missing value. */
if ( strncmp(*uri, "share", eq - *uri) == 0 ) {
amp = strchrnul(++eq, '&');
eq += 1;
if ( strncmp(eq, "no", amp - eq) == 0 )
share->number = GFSEC_SHARE_NUMBER_FULL;
else if ( strncmp(eq, "full", amp - eq) == 0 )
@ -215,7 +216,7 @@ parse_parameter(const char **uri, gfsec_share_t *share)
*uri = amp;
}
else if ( strncmp(*uri, "sha256", eq - *uri) == 0 ) {
amp = strchrnul(++eq, '&');
eq += 1;
rc = parse_sha256(eq, amp - eq, &(share->hash));
*uri = amp;
}

4
tests/t-parseuri.c

@ -69,11 +69,15 @@ struct test tests[] = {
/* Several parameters. */
{ "file:///path/to/share.123?param1=val1&param2=val2&param3=val3",
0, GFSEC_SCHEME_FILE, "", "/path/to/share.123", 123, 0 },
{ "file:///path/to/share.123?param1=val&share=no&param3=val3",
0, GFSEC_SCHEME_FILE, "", "/path/to/share.123", 0, 1 },
/* Parameter with no value. */
{ "file:///path/to/share.123?param", GFSEC_ERR_CONFIG_INVALID_URI },
{ "file:///path/to/share.123?param1=val1&param2",
GFSEC_ERR_CONFIG_INVALID_URI },
{ "file:///path/to/share.123?param1=val1&param2&param3=val",
GFSEC_ERR_CONFIG_INVALID_URI },
/* Parameter with empty value. */
{ "file:///path/to/share.123?param=",

Loading…
Cancel
Save