* \param pass his passphrase
* \param room the room he wants to enter
*/
-void stuff_to_cookie(char *cookie, int session,
+void stuff_to_cookie(char *cookie, size_t clen, int session,
char *user, char *pass, char *room)
{
char buf[SIZ];
int i;
+ int len;
- sprintf(buf, "%d|%s|%s|%s|", session, user, pass, room);
+ len = snprintf(buf, SIZ, "%d|%s|%s|%s|", session, user, pass, room);
strcpy(cookie, "");
- for (i=0; i<strlen(buf); ++i) {
- sprintf(&cookie[i*2], "%02X", buf[i]);
+ for (i=0; (i < len) && (i * 2 < clen); ++i) {
+ snprintf(&cookie[i*2], clen - i * 2, "%02X", buf[i]);
}
}
* \param len the length of the string
* \return the corrosponding integer value
*/
-int xtoi(char *in, size_t len)
+int xtoi(const char *in, size_t len)
{
int val = 0;
char c = 0;
- while (isxdigit((byte) *in) && (len-- > 0))
+ while (!IsEmptyStr(in) && isxdigit((byte) *in) && (len-- > 0))
{
c = *in++;
val <<= 4;
- val += isdigit((unsigned char)c)
- ? (c - '0')
- : (tolower((unsigned char)c) - 'a' + 10);
+ if (!isdigit((unsigned char)c)) {
+ c = tolower((unsigned char) c);
+ if ((c < 'a') || (c > 'f'))
+ return 0;
+ val += c - 'a' + 10 ;
+ }
+ else
+ val += c - '0';
}
return val;
}
* \param room the room he is in
* \param room_len the length of the room string
*/
-void cookie_to_stuff(char *cookie, int *session,
+void cookie_to_stuff(StrBuf *cookie, int *session,
char *user, size_t user_len,
char *pass, size_t pass_len,
char *room, size_t room_len)
{
+ const char *pch;
char buf[SIZ];
int i, len;
+ if (strncmp(ChrPtr(cookie), HKEY("webcit=")) == 0)
+ StrBufCutLeft(cookie, 7);
+
strcpy(buf, "");
- len = strlen(cookie) * 2 ;
+ len = StrLength(cookie) / 2;
+ pch = ChrPtr(cookie);
for (i=0; i<len; ++i) {
- buf[i] = xtoi(&cookie[i*2], 2);
+ buf[i] = xtoi(&pch[i*2], 2);
buf[i+1] = 0;
}
+/* debug
+ char t[256];
+ extract_token(t, buf, 0, '|', sizeof t);
+ lprintf(9, "SESS: %s\n", t);
+ extract_token(t, buf, 1, '|', sizeof t);
+ lprintf(9, "USER: %s\n", t);
+ extract_token(t, buf, 2, '|', sizeof t);
+ lprintf(9, "PASS: %s\n", t);
+ extract_token(t, buf, 3, '|', sizeof t);
+ lprintf(9, "ROOM: %s\n", t);
+ debug */
+
if (session != NULL)
*session = extract_int(buf, 0);
if (user != NULL)