/** * Parses Basic Authorization request header. * * @param[in] connp * @param[in] auth_header */ int htp_parse_authorization_basic(htp_connp_t *connp, htp_header_t *auth_header) { unsigned char *data = bstr_ptr(auth_header->value); size_t len = bstr_len(auth_header->value); size_t pos = 5; // Ignore whitespace while ((pos < len) && (isspace((int) data[pos]))) pos++; if (pos == len) return HTP_ERROR; // Decode base64-encoded data bstr *decoded = htp_base64_decode_mem(data + pos, len - pos); if (decoded == NULL) return HTP_ERROR; // Now extract the username and password int i = bstr_index_of_c(decoded, ":"); if (i == -1) { bstr_free(decoded); return HTP_ERROR; } connp->in_tx->request_auth_username = bstr_dup_ex(decoded, 0, i); if (connp->in_tx->request_auth_username == NULL) { bstr_free(decoded); return HTP_ERROR; } connp->in_tx->request_auth_password = bstr_dup_ex(decoded, i + 1, bstr_len(decoded) - i - 1); if (connp->in_tx->request_auth_password) { bstr_free(decoded); bstr_free(connp->in_tx->request_auth_username); return HTP_ERROR; } bstr_free(decoded); return HTP_OK; }
/** * Base64-decode input, given as bstring. * * @param[in] input * @return new base64-decoded bstring */ bstr *htp_base64_decode_bstr(bstr *input) { return htp_base64_decode_mem(bstr_ptr(input), bstr_len(input)); }
TEST(Base64, Decode) { const char *input ="dGhpcyBpcyBhIHRlc3QuLg=="; bstr *out = htp_base64_decode_mem(input, strlen(input)); EXPECT_EQ(0, bstr_cmp_c(out, "this is a test..")); bstr_free(out); }