TEST(BstrTest, IndexOf) {
bstr *haystack = bstr_dup_mem("ABCDEFGHIJKL\000NOPQRSTUVWXYZ", 20);
bstr *p1 = bstr_dup_c("NOPQ");
bstr *p2 = bstr_dup_c("siej");
bstr *p3 = bstr_dup_c("TUVWXYZ");
bstr *p4 = bstr_dup_c("nopq");
EXPECT_EQ(13, bstr_index_of(haystack, p1));
EXPECT_EQ(-1, bstr_index_of(haystack, p2));
EXPECT_EQ(-1, bstr_index_of(haystack, p3));
EXPECT_EQ(-1, bstr_index_of(haystack, p4));
EXPECT_EQ(13, bstr_index_of_nocase(haystack, p4));
EXPECT_EQ(16, bstr_index_of_c(haystack, "QRS"));
EXPECT_EQ(-1, bstr_index_of_c(haystack, "qrs"));
EXPECT_EQ(16, bstr_index_of_c_nocase(haystack, "qrs"));
EXPECT_EQ(16, bstr_index_of_mem(haystack, "QRSSDF",3));
EXPECT_EQ(-1, bstr_index_of_mem(haystack, "qrssdf",3));
EXPECT_EQ(16, bstr_index_of_mem_nocase(haystack, "qrssdf",3));
bstr_free(p1);
bstr_free(p2);
bstr_free(p3);
bstr_free(p4);
bstr_free(haystack);
}
/**
* Parses Digest Authorization request header.
*
* @param[in] connp
* @param[in] auth_header
*/
int htp_parse_authorization_digest(htp_connp_t *connp, htp_header_t *auth_header) {
// Extract the username
int i = bstr_index_of_c(auth_header->value, "username="******"') {
connp->in_tx->request_auth_username = htp_extract_quoted_string_as_bstr(data + pos, len - pos, NULL);
} else {
return HTP_ERROR;
}
return HTP_OK;
}
/**
* Parses Basic Authorization request header.
*
* @param[in] connp
* @param[in] auth_header
*/
int htp_parse_authorization_basic(htp_connp_t *connp, htp_header_t *auth_header) {
unsigned char *data = bstr_ptr(auth_header->value);
size_t len = bstr_len(auth_header->value);
size_t pos = 5;
// Ignore whitespace
while ((pos < len) && (isspace((int) data[pos]))) pos++;
if (pos == len) return HTP_ERROR;
// Decode base64-encoded data
bstr *decoded = htp_base64_decode_mem(data + pos, len - pos);
if (decoded == NULL) return HTP_ERROR;
// Now extract the username and password
int i = bstr_index_of_c(decoded, ":");
if (i == -1) {
bstr_free(decoded);
return HTP_ERROR;
}
connp->in_tx->request_auth_username = bstr_dup_ex(decoded, 0, i);
if (connp->in_tx->request_auth_username == NULL) {
bstr_free(decoded);
return HTP_ERROR;
}
connp->in_tx->request_auth_password = bstr_dup_ex(decoded, i + 1, bstr_len(decoded) - i - 1);
if (connp->in_tx->request_auth_password) {
bstr_free(decoded);
bstr_free(connp->in_tx->request_auth_username);
return HTP_ERROR;
}
bstr_free(decoded);
return HTP_OK;
}
/**
* Process part headers. In the current implementation, we only parse the
* Content-Disposition header if it is present.
*
* @param part
* @return Success indication
*/
int htp_mpart_part_process_headers(htp_mpart_part_t *part) {
// Find C-D header
htp_header_t *h = (htp_header_t *) table_get_c(part->headers, "content-disposition");
if (h == NULL) {
// TODO Error message
return 0;
}
if (bstr_index_of_c(h->value, "form-data") != 0) {
return -1;
}
// The parsing starts here
unsigned char *data = (unsigned char *) bstr_ptr(h->value);
size_t len = bstr_len(h->value);
size_t pos = 9; // Start after "form-data"
// Main parameter parsing loop (once per parameter)
while (pos < len) {
// Find semicolon and go over it
while ((pos < len) && ((data[pos] == '\t') || (data[pos] == ' '))) pos++;
if (pos == len) return -2;
// Semicolon
if (data[pos] != ';') return -3;
pos++;
// Go over the whitespace before parameter name
while ((pos < len) && ((data[pos] == '\t') || (data[pos] == ' '))) pos++;
if (pos == len) return -4;
// Found starting position (name)
size_t start = pos;
// Look for ending position
while ((pos < len) && (data[pos] != '\t') && (data[pos] != ' ') && (data[pos] != '=')) pos++;
if (pos == len) return -5;
// Ending position is in "pos" now
// Is it a parameter we are interested in?
int param_type = htp_mpartp_cd_param_type(data, start, pos);
// Ignore whitespace
while ((pos < len) && ((data[pos] == '\t') || (data[pos] == ' '))) pos++;
if (pos == len) return -6;
// Equals
if (data[pos] != '=') return -7;
pos++;
// Go over the whitespace before value
while ((pos < len) && ((data[pos] == '\t') || (data[pos] == ' '))) pos++;
if (pos == len) return -8;
// Found starting point (value)
start = pos;
// Quoting char indicator
int qchar = -1;
// Different handling for quoted and bare strings
if (data[start] == '"') {
// Quoted string
qchar = data[start];
start = ++pos;
// Find the end of the value
while ((pos < len) && (data[pos] != qchar)) {
if (data[pos] == '\\') {
// Ignore invalid quoting pairs
if (pos + 1 < len) return -9;
// Go over the quoted character
pos++;
}
pos++;
}
} else {
// Bare string
while ((pos < len) && (!htp_is_token(data[pos]))) pos++;
}
switch (param_type) {
case PARAM_NAME:
// TODO Unquote quoted characters
part->name = bstr_dup_mem((char *) data + start, pos - start);
if (part->name == NULL) return -1;
break;
case PARAM_FILENAME:
// TODO Unquote quoted characters
part->file = calloc(1, sizeof (htp_file_t));
if (part->file == NULL) return -1;
part->file->filename = bstr_dup_mem((char *) data + start, pos - start);
if (part->file->filename == NULL) return -1;
part->file->source = HTP_FILE_MULTIPART;
break;
default:
// Ignore unknown parameter
// TODO Warn/log?
break;
}
// Skip over the quoting character
if (qchar != -1) {
pos++;
}
// Continue to parse the next parameter, if any
}
return 1;
}