diff options
| author | Denys Vlasenko <vda.linux@googlemail.com> | 2011-09-11 21:04:02 +0200 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2011-09-11 21:04:02 +0200 |
| commit | dd1061b6a79b0161597799e825bfefc27993ace5 (patch) | |
| tree | f7099078291da669907c5e3f428c10af27a54417 /networking/wget.c | |
| parent | 5126cf9a15f9e5c3986be0fc2743b63adcc6b1fb (diff) | |
| download | busybox-w32-dd1061b6a79b0161597799e825bfefc27993ace5.tar.gz busybox-w32-dd1061b6a79b0161597799e825bfefc27993ace5.tar.bz2 busybox-w32-dd1061b6a79b0161597799e825bfefc27993ace5.zip | |
wget: URL-decode user:password before base64-encoding it into auth hdr. Closes 3625.
function old new delta
percent_decode_in_place - 152 +152
parse_url 304 317 +13
handle_incoming_and_exit 2795 2798 +3
httpd_main 763 760 -3
decodeString 152 - -152
------------------------------------------------------------------------------
(add/remove: 2/1 grow/shrink: 2/1 up/down: 168/-155) Total: 13 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'networking/wget.c')
| -rw-r--r-- | networking/wget.c | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/networking/wget.c b/networking/wget.c index 6443705fd..94a2f7c3d 100644 --- a/networking/wget.c +++ b/networking/wget.c | |||
| @@ -298,8 +298,13 @@ static void parse_url(const char *src_url, struct host_info *h) | |||
| 298 | 298 | ||
| 299 | sp = strrchr(h->host, '@'); | 299 | sp = strrchr(h->host, '@'); |
| 300 | if (sp != NULL) { | 300 | if (sp != NULL) { |
| 301 | h->user = h->host; | 301 | // URL-decode "user:password" string before base64-encoding: |
| 302 | // wget http://test:my%20pass@example.com should send | ||
| 303 | // Authorization: Basic dGVzdDpteSBwYXNz | ||
| 304 | // which decodes to "test:my pass". | ||
| 305 | // Standard wget and curl do this too. | ||
| 302 | *sp = '\0'; | 306 | *sp = '\0'; |
| 307 | h->user = percent_decode_in_place(h->host, /*strict:*/ 0); | ||
| 303 | h->host = sp + 1; | 308 | h->host = sp + 1; |
| 304 | } | 309 | } |
| 305 | 310 | ||
| @@ -660,12 +665,6 @@ static void download_one_url(const char *url) | |||
| 660 | 665 | ||
| 661 | #if ENABLE_FEATURE_WGET_AUTHENTICATION | 666 | #if ENABLE_FEATURE_WGET_AUTHENTICATION |
| 662 | if (target.user) { | 667 | if (target.user) { |
| 663 | //TODO: URL-decode "user:password" string before base64-encoding: | ||
| 664 | //wget http://test:my%20pass@example.com should send | ||
| 665 | // Authorization: Basic dGVzdDpteSBwYXNz | ||
| 666 | //which decodes to "test:my pass", instead of what we send now: | ||
| 667 | // Authorization: Basic dGVzdDpteSUyMHBhc3M= | ||
| 668 | //Can reuse decodeString() from httpd.c | ||
| 669 | fprintf(sfp, "Proxy-Authorization: Basic %s\r\n"+6, | 668 | fprintf(sfp, "Proxy-Authorization: Basic %s\r\n"+6, |
| 670 | base64enc(target.user)); | 669 | base64enc(target.user)); |
| 671 | } | 670 | } |