[http] Allow for URI encodings within username and password
authorMichael Brown <mcb30@etherboot.org>
Fri, 13 Feb 2009 16:26:43 +0000 (16:26 +0000)
committerMichael Brown <mcb30@etherboot.org>
Fri, 13 Feb 2009 16:26:43 +0000 (16:26 +0000)
src/net/tcp/http.c

index 1052400..5748730 100644 (file)
@@ -407,8 +407,21 @@ static void http_step ( struct process *process ) {
 
                /* Construct authorisation, if applicable */
                if ( user_pw_len ) {
-                       snprintf ( user_pw, sizeof ( user_pw ), "%s:%s",
-                                  user, password );
+                       char *buf = user_pw;
+                       ssize_t remaining = sizeof ( user_pw );
+                       size_t len;
+
+                       /* URI-decode the username and password */
+                       len = uri_decode ( user, buf, remaining );
+                       buf += len;
+                       remaining -= len;
+                       *(remaining--, buf++) = ':';
+                       len = uri_decode ( password, buf, remaining );
+                       buf += len;
+                       remaining -= len;
+                       assert ( remaining >= 0 );
+
+                       /* Base64-encode the "user:password" string */
                        base64_encode ( user_pw, user_pw_base64 );
                }