httpauth: basic challenge creation and verification functions #875
cHuberCoffee
commented
Jul 10, 2023
- create and encode HTTP Basic requests.
- verify HTTP basic authentication header
- test cases for httpauth_basic verification and request encoding
- httpauth_basic is tested against wget, curl and a Chromium-based browser (Brave Browser)
src/httpauth/basic.c
Outdated
if (!req) | ||
return 0; | ||
|
||
if (req->charset && str_len(req->charset)) |
it is better to use "str_isset" here
src/httpauth/basic.c
Outdated
return re_hprintf(pf, "Basic realm=\"%s\", charset=\"%s\"", | ||
req->realm, req->charset); | ||
else | ||
return re_hprintf(pf, "Basic realm=\"%s\"", req->realm); |
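Review bot: In both re_hprintf calls, req->realm (and req->charset in the first) is written between double quotes with a plain %s, so a realm containing a double quote or a backslash produces a malformed or ambiguous challenge value. Either escape those two characters as a quoted-string requires, or reject such a realm where the request object is created.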
this code can be simplified.
Print "basic realm" every time. If charset is set, append charset.
src/httpauth/basic.c
Outdated
goto out; | ||
|
||
err = mbuf_printf(mb, "%b:%b", | ||
user, str_len(user), passwd, str_len(passwd)); |
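Review bot: Nothing in the visible lines rejects a ':' in user before it is formatted with "%b:%b". In Basic authentication the first colon separates the user-id from the password (RFC 7617), so a user name containing one cannot be told apart from a different user/password split on the verifying side. Return an error for such a user before building the buffer.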
can also use %s:%s here ...
src/httpauth/basic.c
Outdated
if (err) | ||
goto out; | ||
|
||
if (memcmp(mb->buf, c, clen) != 0) |
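Review bot: memcmp(mb->buf, c, clen) compares exactly clen bytes, and the visible lines do not check that clen equals the number of bytes written to mb. A client value shorter than the expected credential could then match as a prefix, and a longer one would read past the expected data. Compare the two lengths as part of the check, in addition to the byte comparison.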
it is more secure to use this function:
int mem_seccmp(const uint8_t *s1, const uint8_t *s2, size_t n);
looks good. Please merge to main...
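The constant-time comparison suggested in the review above, as an added example that is not code from this pull request or from the library. `ct_diff`, `basic_cred_check` and `CRED_MAX` are hypothetical names, and the client credential is assumed to be already base64-decoded.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CRED_MAX 256 /* assumed upper bound for "user:passwd" */

/* Hypothetical helper, not libre's mem_seccmp(): XOR-accumulate every byte
 * so the loop runs n iterations wherever the first mismatch is. */
static int ct_diff(const uint8_t *a, const uint8_t *b, size_t n)
{
	volatile uint8_t acc = 0;
	size_t i;

	for (i = 0; i < n; i++)
		acc |= (uint8_t)(a[i] ^ b[i]);

	return acc;
}

/* Returns 0 if the decoded client credential equals "user:passwd". */
int basic_cred_check(const char *user, const char *passwd,
		     const uint8_t *cred, size_t clen)
{
	uint8_t expect[CRED_MAX];
	uint8_t padded[CRED_MAX] = {0};
	size_t elen;
	int n;

	n = snprintf((char *)expect, sizeof(expect), "%s:%s", user, passwd);
	if (n < 0 || (size_t)n >= sizeof(expect))
		return -1;

	elen = (size_t)n;

	/* Copy at most elen client bytes; the rest stays zero. */
	memcpy(padded, cred, clen < elen ? clen : elen);

	/* Length mismatch is folded into the result, not returned early. */
	return ct_diff(expect, padded, elen) | (clen != elen);
}

int main(void)
{
	const uint8_t ok[] = "alice:s3cret"; /* constructed sample */

	printf("%d\n", basic_cred_check("alice", "s3cret", ok, sizeof(ok) - 1));
	return 0;
}
```

A plain `memcmp` over `clen` bytes would accept the prefix `alice:s3` here if the lengths were not compared; this version rejects it.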