summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick White <git@njw.me.uk>2012-02-12 13:43:34 +0000
committerNick White <git@njw.me.uk>2012-02-12 13:43:34 +0000
commitcfd81b03f049c98f239e960f1903d4d3acef04bf (patch)
tree7008617b54e55a2b623d5efa112b5068ac96a870
parentcf3fb606b2f834cd84f23a4df58fe6f15e4fc239 (diff)
Fix bug in HTTP header parsing
HTTP headers, when contained in more than one packet, could be misread, causing cookie loss.
-rw-r--r--util.c38
-rw-r--r--util.h1
2 files changed, 22 insertions, 17 deletions
diff --git a/util.c b/util.c
index b7502f2..2b62513 100644
--- a/util.c
+++ b/util.c
@@ -52,7 +52,7 @@ int dial(char *host, char *port) {
int get(char *host, char *path, char *sendcookie, char *savecookie, char **buf) {
size_t l, res;
int fd, i, p;
- char h[HDRMAX] = "";
+ char h[BUFSIZ] = "";
char c[COOKIEMAX] = "";
char t[BUFSIZ];
char *t2;
@@ -62,27 +62,19 @@ int get(char *host, char *path, char *sendcookie, char *savecookie, char **buf)
if(sendcookie && sendcookie[0])
snprintf(c, COOKIEMAX, "\r\nCookie: %s", sendcookie);
- snprintf(h, HDRMAX, "GET %s HTTP/1.0\r\nUser-Agent: getxbook-"VERSION \
+ snprintf(h, BUFSIZ, "GET %s HTTP/1.0\r\nUser-Agent: getxbook-"VERSION \
" (not mozilla)\r\nHost: %s%s\r\n\r\n", path, host, c);
if(!send(fd, h, strlen(h), 0)) return 0;
*buf = NULL;
l = 0;
+ h[0] = 0;
snprintf(m, 256, "Set-Cookie: %%%ds;", COOKIEMAX-1);
+
while((res = recv(fd, t, BUFSIZ, 0)) > 0) {
- if(sscanf(t, "HTTP/%d.%d %d", &i, &i, &p) == 3 && p != 200) {
- if(p == 403)
- fprintf(stderr, "403 forbidden: your IP address may be temporarily blocked\n");
- return 0;
- }
- t2 = t;
- if(savecookie != NULL) {
- while((t2 = strstr(t2, "Set-Cookie: ")) && sscanf(t2, m, c)) {
- strncat(savecookie, c, COOKIEMAX);
- t2++;
- }
- }
+ strncat(h, t, BUFSIZ - strlen(h) - 1);
if((t2 = strstr(t, "\r\n\r\n")) != NULL && (t2 - t) < (signed)res) {
+ /* end of header, save rest to buffer */
t2+=4;
l = res - (t2 - t);
*buf = malloc(sizeof(char *) * l);
@@ -91,6 +83,20 @@ int get(char *host, char *path, char *sendcookie, char *savecookie, char **buf)
}
}
+ if(sscanf(h, "HTTP/%d.%d %d", &i, &i, &p) == 3 && p != 200) {
+ if(p == 403)
+ fprintf(stderr, "403 forbidden: your IP address may be temporarily blocked\n");
+ return 0;
+ }
+ t2 = h;
+ if(savecookie != NULL) {
+ while((t2 = strstr(t2, "Set-Cookie: ")) && sscanf(t2, m, c)) {
+ strncat(savecookie, c, COOKIEMAX);
+ printf("set cookie %s\n",c);
+ t2++;
+ }
+ }
+
*buf = realloc(*buf, sizeof(char *) * (l+BUFSIZ));
for(; buf != NULL && (res = recv(fd, *buf+l, BUFSIZ, 0)) > 0; l+=res)
*buf = realloc(*buf, sizeof(char *) * (l+BUFSIZ));
@@ -127,13 +133,13 @@ int gettofile(char *host, char *url, char *sendcookie, char *savecookie, char *s
int post(char *host, char *path, char *data, char **buf) {
size_t l, res;
int fd, i, p;
- char h[HDRMAX] = "";
+ char h[BUFSIZ] = "";
char t[BUFSIZ];
char *t2;
if((fd = dial(host, "80")) == -1) return 0;
- snprintf(h, HDRMAX, "POST %s HTTP/1.0\r\nUser-Agent: getxbook-"VERSION \
+ snprintf(h, BUFSIZ, "POST %s HTTP/1.0\r\nUser-Agent: getxbook-"VERSION \
" (not mozilla)\r\nContent-Length: %d\r\n" \
"Content-Type: application/x-www-form-urlencoded\r\n" \
"Host: %s\r\n\r\n%s\r\n",
diff --git a/util.h b/util.h
index 1711765..af05560 100644
--- a/util.h
+++ b/util.h
@@ -1,6 +1,5 @@
/* See COPYING file for copyright and license details. */
#define COOKIEMAX 1024
-#define HDRMAX 1024
int dial(char *host, char *port);
int get(char *host, char *path, char *sendcookie, char *savecookie, char **buf);
int gettofile(char *host, char *url, char *sendcookie, char *savecookie, char *savepath);