On Thu, Sep 25, 2014 at 09:56:30PM -0500, Salz, Rich wrote: > +static int tohex(char c) > + { > + switch (c) > + { > + case '0': return 0; > + case '1': return 1; > + case '2': return 2; > + case '3': return 3; > + case '4': return 4; > + case '5': return 5; > + case '6': return 6; > + case '7': return 7; > + case '8': return 8; > + case '9': return 9; > + case 'A': case 'a': return 10; > + case 'B': case 'b': return 11; > + case 'C': case 'c': return 12; > + case 'D': case 'd': return 13; > + case 'E': case 'e': return 14; > + case 'F': case 'f': return 15; > + } > + return 0; > + }
This code treats non-hex characters as zero, they should trigger an error. > + /* URL decode? Really shouldn't be needed. */ > + if (strchr(p, '+') != NULL && strchr(p, '%') != NULL) > + p = urldecode(p); That '&&' should be '||'. Is it OK to modify 'p' (aka inbuf) in place? > + else if (!strncmp(inbuf, "POST", 4)) This and "GET" case above it should check for a space following "POST" or "GET". -- Viktor. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org