kore

An easy to use, scalable and secure web application framework for writing web APIs in C.
Commits | Files | Refs | README | LICENSE | git clone https://git.kore.io/kore.git

commit 519c3c16d42127884f4802832c8439adc8e2feb5
parent 5f7709211b6a66740fb4f930b51102e22411936e
Author: Joris Vink <joris@coders.se>
Date:   Mon, 14 Dec 2015 18:48:48 +0100

Do not run kore_split_string() on original cookie

This broke after http_request_header() started returning
a pointer to the actual header value instead of a copy.

Reminded by PauloMelo via github.

Diffstat:
src/auth.c | 14+++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/src/auth.c b/src/auth.c @@ -109,9 +109,11 @@ kore_auth_cookie(struct http_request *req, struct kore_auth *auth) size_t len, slen; char *value, *c, *cookie, *cookies[HTTP_MAX_COOKIES]; - if (!http_request_header(req, "cookie", &cookie)) + if (!http_request_header(req, "cookie", &c)) return (KORE_RESULT_ERROR); + cookie = kore_strdup(c); + slen = strlen(auth->value); v = kore_split_string(cookie, ";", cookies, HTTP_MAX_COOKIES); for (i = 0; i < v; i++) { @@ -123,14 +125,20 @@ kore_auth_cookie(struct http_request *req, struct kore_auth *auth) break; } - if (i == v) + if (i == v) { + kore_mem_free(cookie); return (KORE_RESULT_ERROR); + } c = cookies[i]; - if ((value = strchr(c, '=')) == NULL) + if ((value = strchr(c, '=')) == NULL) { + kore_mem_free(cookie); return (KORE_RESULT_ERROR); + } i = kore_validator_check(req, auth->validator, ++value); + kore_mem_free(cookie); + return (i); }