libmicrohttpd

[libmicrohttpd] Re: libmicrohttpd question


From: Christian Grothoff
Subject: [libmicrohttpd] Re: libmicrohttpd question
Date: Fri, 9 Jul 2010 13:14:27 +0200
User-agent: KMail/1.9.9

Yes, but that's really the least of the issues (since 2*len > 4*len/3); the
real issue is the excessive use of strncat which is O(n) as opposed to O(1)
for the construction of the result.

So as an example, I think this is fine as-is; for production there is a lot
that one would want to change.  Also, I think you need 1 + 4*((len+2)/3) for
the 0-termination (len=0 would otherwise yield a 0 byte allocation).

Best,

Christian

On Thursday 08 July 2010 13:35:24 you wrote:
> I think there is also an error in string_to_base64
>
> tmp = (char*)::malloc( length << 1 );
>
> but:
>   ::strncat( tmp, &lookup[(l >> 18) & 0x3F], 1 );
>   ::strncat( tmp, &lookup[(l >> 12) & 0x3F], 1 );
>
>   if( i + 1 < length )
>
>    ::strncat( tmp, &lookup[(l >> 6) & 0x3F], 1 );
>
>   if( i + 2 < length )
>
>    ::strncat( tmp, &lookup[l & 0x3F], 1 );
>
> maybe tmp must have size
> tmp = (char*)::malloc( 4*((length + 2)/3));
> ?
>
> Best regards,
> Dmitriy
> ----- Original Message -----
> From: "Christian Grothoff" <address@hidden>
> To: "Dmitriy Vasil'ev" <address@hidden>
> Cc: <address@hidden>
> Sent: Wednesday, July 07, 2010 9:35 PM
> Subject: Re: libmicrohttpd question
>
> > On Tuesday 06 July 2010 15:30:46 Dmitriy Vasil'ev wrote:
> >> Dear sir,
> >>
> >> in the example of basic authentication I see (p.17 of the tutorial.pdf or
> >> libmicrohttpd-0.4.6\doc\examples\basicauthentication.c, lines from 66 to 84):
> >>
> >> char *expected_b64, *expected;
> >> int authenticated;
> >> ...
> >> strcpy (expected, username);
> >> strcat (expected, ":");
> >> strcat (expected, password);
> >> expected_b64 = string_to_base64 (expected);
> >> if (NULL == expected_b64) return 0;
> >> strcpy (expected, strbase); <-------- why?
> >> authenticated = (strcmp (headervalue + strlen (strbase), expected_b64) == 0);
> >> free (expected_b64);
> >> return authenticated;
> >>
> >> Why do you do: strcpy (expected, strbase);?
> >> Why do you not free the memory for the variable "expected"?
> >> Are these bugs, or is this correct?
> >
> > As far as I can see, you are totally right and these are bugs (I didn't write
> > the code, but there is clearly no reason for both of the things you
> > describe).  I've fixed the issues in SVN 12179 (I hope ;-)).
> >
> > Best,
> >
> > Christian
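
An added example, not part of the thread or of libmicrohttpd's code: a base64 encoder in C that allocates the 1 + 4*((len+2)/3) bytes given in the reply above and stores each output character directly instead of calling strncat. The names b64_lookup, b64_encoded_size and b64_encode, the '=' padding and the sample input in main are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static const char b64_lookup[] =
  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Buffer size incl. 0-terminator: 1 + 4*((len+2)/3); returns 0 on overflow. */
size_t
b64_encoded_size (size_t len)
{
  if (len > (SIZE_MAX - 1) / 4 * 3 - 2)
    return 0;
  return 1 + 4 * ((len + 2) / 3);
}

/* One direct store per output character; caller frees, NULL on failure. */
char *
b64_encode (const unsigned char *in, size_t len)
{
  size_t i, size = b64_encoded_size (len);
  char *out, *p;

  if (0 == size || NULL == (out = malloc (size)))
    return NULL;
  p = out;
  for (i = 0; i < len; i += 3)
    {
      uint32_t l = (uint32_t) in[i] << 16;
      if (i + 1 < len) l |= (uint32_t) in[i + 1] << 8;
      if (i + 2 < len) l |= in[i + 2];
      *p++ = b64_lookup[(l >> 18) & 0x3F];
      *p++ = b64_lookup[(l >> 12) & 0x3F];
      *p++ = (i + 1 < len) ? b64_lookup[(l >> 6) & 0x3F] : '=';
      *p++ = (i + 2 < len) ? b64_lookup[l & 0x3F] : '=';
    }
  *p = '\0';                    /* len == 0 still has room for this byte */
  return out;
}

int
main (void)
{
  /* Constructed sample credentials, 19 bytes long. */
  char *enc = b64_encode ((const unsigned char *) "Aladdin:open sesame", 19);
  if (NULL == enc) return 1;
  puts (enc);
  free (enc);
  return 0;
}
```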




