Timestamp:
01/04/11 23:22:19 (10 years ago)
Author:
Admin
Message:

WebIf: Do some cleanup and reduce malloc usage a little bit

File:
1 edited

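--- a/trunk/oscam-http-helpers.c
+++ b/trunk/oscam-http-helpers.c
@@ -62,21 +62,17 @@
    back which you may freely use (but you should not call free/realloc on this!)*/
 char *tpl_printf(struct templatevars *vars, int append, char *varname, char *fmtstring, ...){
-    unsigned int allocated = strlen(fmtstring) - (strlen(fmtstring)%16) + 16;
-    char *result, *tmp = (char *) malloc(allocated * sizeof(char));
+    unsigned int needed;
+    char test[1];
     va_list argptr;
 
     va_start(argptr,fmtstring);
-    vsnprintf(tmp ,allocated, fmtstring, argptr);
+    needed = vsnprintf(test, 1, fmtstring, argptr);
     va_end(argptr);
-    while (strlen(tmp) + 1 == allocated){
-        allocated += 16;
-        tmp = (char *) realloc(tmp, allocated * sizeof(char));
-        va_start(argptr,fmtstring);
-        vsnprintf(tmp, allocated, fmtstring, argptr);
-        va_end(argptr);
-    }
-    result = (char *) malloc(strlen(tmp) + 1 * sizeof(char));
-    strcpy(result, tmp);
-    free(tmp);
+   
+    char *result = (char *) malloc((needed + 1) * sizeof(char));
+    va_start(argptr,fmtstring);
+    vsnprintf(result, needed + 1, fmtstring, argptr);
+    va_end(argptr);
+
     if(varname == NULL) tpl_addTmp(vars, result);
     else {
@@ -276,13 +272,8 @@
 /* Calculates the currently valid nonce value and copies it to result*/
 void calculate_nonce(char *result, int resultlen){
-    char *expectednonce, *noncetmp;
-  noncetmp = (char*) malloc (128*sizeof(char));
-  sprintf(noncetmp, "%d", (int)time(NULL)/AUTHNONCEVALIDSECS);
-  strcat(noncetmp, ":");
-  strcat(noncetmp, noncekey);
-  fflush(stdout);
-  expectednonce =char_to_hex(MD5((unsigned char*)noncetmp, strlen(noncetmp), NULL), MD5_DIGEST_LENGTH, hex2ascii);
+  char noncetmp[128];
+  sprintf(noncetmp, "%d:%s", (int)time(NULL)/AUTHNONCEVALIDSECS, noncekey);
+  char *expectednonce = char_to_hex(MD5((unsigned char*)noncetmp, strlen(noncetmp), NULL), MD5_DIGEST_LENGTH, hex2ascii);
   cs_strncpy(result, expectednonce, resultlen);
-  free(noncetmp);
     free(expectednonce);
 }
@@ -291,19 +282,14 @@
 int check_auth(char *authstring, char *method, char *path, char *expectednonce){
     int authok = 0, uriok = 0;
-    char *authnonce;
-    char *authnc;
-    char *authcnonce;
-    char *uri;
-    char *authresponse;
-    char *A1tmp, *A2tmp, *A3tmp;
-    char *A1, *A2, *A3;
-  char *pch, *pch2;
-
-    authnonce = "";
-    authnc = "";
-    authcnonce = "";
-    authresponse = "";
-    uri = "";
-    pch = authstring + 22;
+    char *authnonce = "";
+    char *authnc = "";
+    char *authcnonce = "";
+    char *authresponse = "";
+    char *uri = "";
+    char *username = "";
+    char *expectedPassword = cfg->http_pwd;
+    char *pch = authstring + 22;
+    char *pch2;
+   
     pch = strtok (pch,",");
     while (pch != NULL){
@@ -320,7 +306,10 @@
       } else if (strncmp(pch2, "uri", 3) == 0){
         uri=parse_auth_value(pch2);
+      } else if (strncmp(pch2, "username", 8) == 0){
+        username=parse_auth_value(pch2);
       }
       pch = strtok (NULL, ",");
     }
+
     if(strncmp(uri, path, strlen(path)) == 0) uriok = 1;
     else {
@@ -331,35 +320,21 @@
         if(strncmp(pch2, path, strlen(path)) == 0) uriok = 1;
     }
-    if(uriok == 1){
-        A1tmp = (char*) malloc ((3 + strlen(cfg->http_user) + strlen(AUTHREALM) + strlen(cfg->http_pwd))*sizeof(char));
-        strcpy(A1tmp, cfg->http_user);
-        strcat(A1tmp, ":");
-        strcat(A1tmp, AUTHREALM);
-        strcat(A1tmp, ":");
-        strcat(A1tmp, cfg->http_pwd);
-        A2tmp = (char*) malloc ((2 + strlen(method) + strlen(uri))*sizeof(char));
-        strcpy(A2tmp, method);
-        strcat(A2tmp, ":");
-        strcat(A2tmp, uri);
-        A1=char_to_hex(MD5((unsigned char*)A1tmp, strlen(A1tmp), NULL), MD5_DIGEST_LENGTH, hex2ascii);
-        A2=char_to_hex(MD5((unsigned char*)A2tmp, strlen(A2tmp), NULL), MD5_DIGEST_LENGTH, hex2ascii);
-        A3tmp = (char*) malloc ((10 + strlen(A1) + strlen(A2) + strlen(authnonce) + strlen(authnc) + strlen(authcnonce))*sizeof(char));
-        strcpy(A3tmp, A1);
-        strcat(A3tmp, ":");
-        strcat(A3tmp, authnonce);
-        strcat(A3tmp, ":");
-        strcat(A3tmp, authnc);
-        strcat(A3tmp, ":");
-        strcat(A3tmp, authcnonce);
-        strcat(A3tmp, ":auth:");
-        strcat(A3tmp, A2);
-        A3=char_to_hex(MD5((unsigned char*)A3tmp, strlen(A3tmp), NULL), MD5_DIGEST_LENGTH, hex2ascii);
+    if(uriok == 1 && strcmp(username, cfg->http_user) == 0){
+        char A1tmp[3 + strlen(username) + strlen(AUTHREALM) + strlen(expectedPassword)];
+        sprintf(A1tmp, "%s:%s:%s", username, AUTHREALM, expectedPassword);
+        char *A1 = char_to_hex(MD5((unsigned char*)A1tmp, strlen(A1tmp), NULL), MD5_DIGEST_LENGTH, hex2ascii);
+       
+        char A2tmp[2 + strlen(method) + strlen(uri)];
+        sprintf(A2tmp, "%s:%s", method, uri);       
+        char *A2 = char_to_hex(MD5((unsigned char*)A2tmp, strlen(A2tmp), NULL), MD5_DIGEST_LENGTH, hex2ascii);
+       
+        char A3tmp[10 + strlen(A1) + strlen(A2) + strlen(authnonce) + strlen(authnc) + strlen(authcnonce)];
+        sprintf(A3tmp, "%s:%s:%s:%s:auth:%s", A1, authnonce, authnc, authcnonce, A2);
+        char *A3 = char_to_hex(MD5((unsigned char*)A3tmp, strlen(A3tmp), NULL), MD5_DIGEST_LENGTH, hex2ascii);
+       
         if(strcmp(A3, authresponse) == 0) {
             if(strcmp(expectednonce, authnonce) == 0) authok = 1;
             else authok = 2;
         }
-        free(A1tmp);
-        free(A2tmp);
-        free(A3tmp);
         free(A1);
         free(A2);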
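Review bot: In check_auth the new `A2tmp` and `A3tmp` are variable-length stack arrays sized from `uri`, `authnonce`, `authnc` and `authcnonce`, which are parsed out of the client's Authorization header by `parse_auth_value`, so the request decides how much stack is consumed before the digest is verified and, unlike a heap allocation, there is no failure to check for. Unless the header buffer is already tightly bounded by the caller (not visible here), I would cap the combined length of those fields ahead of the declarations and treat anything above the cap as a failed authentication, or keep these buffers on the heap with a NULL check. The same unbounded formatting appears in calculate_nonce, where `sprintf` writes into the fixed `char noncetmp[128]` with a `noncekey` of unknown length; `snprintf(noncetmp, sizeof(noncetmp), "%d:%s", (int)time(NULL)/AUTHNONCEVALIDSECS, noncekey);` bounds it. In tpl_printf the result of `malloc((needed + 1) * sizeof(char))` is used unchecked, and because `needed` is unsigned a negative `vsnprintf` return turns into a huge length. check_auth's body continues past the last visible line.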