Author: brane
Date: Sun Jun 29 08:52:35 2025
New Revision: 1926854

URL: http://svn.apache.org/viewvc?rev=1926854&view=rev
Log:
On the user-defined-authn branch: Fix edge cases in the authn parameter
parser: allow empty quoted strings and do not allow empty unquoted values.

* src/syntax.c
  (serf__parse_authn_parameters): Use different criteria to validate
   quoted-string values than for token values, and require that the
   value is a token.

* test/test_internal.c
  (test_parse_parameters,
  test_parse_bad_parameters): Add two more test cases.

Modified:
    serf/branches/user-defined-authn/src/syntax.c
    serf/branches/user-defined-authn/test/test_internal.c

Modified: serf/branches/user-defined-authn/src/syntax.c
URL: 
http://svn.apache.org/viewvc/serf/branches/user-defined-authn/src/syntax.c?rev=1926854&r1=1926853&r2=1926854&view=diff
==============================================================================
--- serf/branches/user-defined-authn/src/syntax.c (original)
+++ serf/branches/user-defined-authn/src/syntax.c Sun Jun 29 08:52:35 2025
@@ -481,12 +481,15 @@ apr_hash_t *serf__parse_authn_parameters
         /* Parse the value, either a token or a quoted string. */
         ++src;
         value = dst;
-        if (*src == '"')
+        if (*src == '"') {
             src = copy_quoted_string(&dst, src);
-        else if (ct_istoken(*src))
+            if (!src)
+                break;
+        } else {
             src = copy_token(&dst, src);
-        if (!src || value == dst)
-            break;
+            if (!src || value == dst)
+                break;
+        }
         *dst++ = '\0';
 
         /* Must be at the end of the string or at a valid separator. */
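Review bot: The new `else` branch calls `copy_token()` for every value that does not start with a quote, so rejecting an empty or non-token value now rests entirely on the `value == dst` check after it, while the quoted branch deliberately drops that check. That asymmetry is easy to undo by accident in a parser that handles server-supplied authentication headers, so a comment on each branch would record it, e.g. `/* An empty quoted-string is a valid value. */` and `/* An unquoted value must be a non-empty token. */`. `copy_token()` is not visible here, so it is worth confirming that it copies nothing and does not step past the terminator when `*src` is NUL or a separator. The body of serf__parse_authn_parameters starts and ends outside this hunk.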

Modified: serf/branches/user-defined-authn/test/test_internal.c
URL: 
http://svn.apache.org/viewvc/serf/branches/user-defined-authn/test/test_internal.c?rev=1926854&r1=1926853&r2=1926854&view=diff
==============================================================================
--- serf/branches/user-defined-authn/test/test_internal.c (original)
+++ serf/branches/user-defined-authn/test/test_internal.c Sun Jun 29 08:52:35 
2025
@@ -495,25 +495,30 @@ static void test_parse_parameters(CuTest
         { "realm", "Wonderland" },
         { "scope", "Alice" },
         { "!#$%&'*+-.^_`|~", "(\"\\)"},
+        { "empty", "" },
         { NULL, NULL }
     };
 
     parse_parameters(tc,
                      "Realm=\"Wonderland\","
                      "ScOpE=Alice , "
-                     "!#$%&'*+-.^_`|~=\"(\\\"\\\\)\"",
+                     "!#$%&'*+-.^_`|~=\"(\\\"\\\\)\","
+                     "empty=\"\"",
                      expected);
 }
 
 static void test_parse_bad_parameters(CuTest *tc)
 {
-    static const struct expected_attrs expected[] = {
+    static const struct expected_attrs unexpected[] = {
+        { "first", "value" },
         { NULL, NULL }
     };
+    static const struct expected_attrs *expected = &unexpected[1];
 
     parse_parameters(tc, "", expected);
     parse_parameters(tc, "\t", expected);
     parse_parameters(tc, "(comm", expected);
+    parse_parameters(tc, "first=value, key=", unexpected);
     parse_parameters(tc, "key=\"value", expected);
     parse_parameters(tc, "key = value", expected);
     parse_parameters(tc, "key=\"value1\"key=value2", expected);
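Review bot: In test_parse_bad_parameters the array named `unexpected` actually holds the result the parser is expected to return for `"first=value, key="`, and `expected` is now a pointer to its terminator entry, which reads backwards; names such as `partial` and `empty` would make the intent clear. The new case also pins that a malformed header still yields the parameters parsed before the error, which callers of the authn parser need to know; a comment such as `/* Parsing stops at the first malformed parameter; earlier ones are kept. */` above that line would document it. A case with another parameter following the empty quoted string, and one where the unquoted value starts with a separator, would cover the two branches changed in syntax.c more fully. test_parse_bad_parameters continues past the end of this hunk.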

