On Thu, Sep 25, 2014 at 09:56:30PM -0500, Salz, Rich wrote:
> +static int tohex(char c)
> + {
> + switch (c)
> + {
> + case '0': return 0;
> + case '1': return 1;
> + case '2': return 2;
> + case '3': return 3;
> + case '4': return 4;
> + case '5': return 5;
> + case '6': return 6;
> + case '7': return 7;
> + case '8': return 8;
> + case '9': return 9;
> + case 'A': case 'a': return 10;
> + case 'B': case 'b': return 11;
> + case 'C': case 'c': return 12;
> + case 'D': case 'd': return 13;
> + case 'E': case 'e': return 14;
> + case 'F': case 'f': return 15;
> + }
> + return 0;
> + }
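Review bot: the 'return 0;' after the switch gives an invalid character the same result as a valid '0', so the caller cannot tell a malformed escape from a real zero digit. Return -1 there and have the caller check for it before combining the two nibbles. The name tohex() also reads backwards for a function that maps a hex digit to its numeric value, and a one-line comment stating the return contract would help.
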
This code treats non-hex characters as zero; they should trigger
an error.
> + /* URL decode? Really shouldn't be needed. */
> + if (strchr(p, '+') != NULL && strchr(p, '%') != NULL)
> + p = urldecode(p);
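Review bot: the result of urldecode(p) is assigned straight back to p with no check visible in this hunk. If urldecode() can report failure, for example on a malformed escape, that has to be handled here before p is used any further. The comment 'Really shouldn't be needed' should also say which clients send encoded requests, so the reason for keeping the branch is documented.
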
That '&&' should be '||'. Is it OK to modify 'p' (aka inbuf) in
place?
> + else if (!strncmp(inbuf, "POST", 4))
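Review bot: strncmp(inbuf, "POST", 4) on this line is only a prefix match, so any request line that begins with those four characters is handled as a POST. Comparing five bytes against "POST " covers the delimiter in the same call. Writing the test as 'strncmp(...) == 0' would also read more clearly than '!strncmp(...)'.
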
This and the "GET" case above it should check for a space following
"POST" or "GET".
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List