
Source code changes of the file "http.c" between
openconnect-8.04.tar.gz and openconnect-8.05.tar.gz

About: OpenConnect is a client for Cisco's AnyConnect SSL VPN, which is supported by many Cisco Routers.

http.c  (openconnect-8.04):http.c  (openconnect-8.05)
skipping to change at line 438 skipping to change at line 438
const char *print_equals; const char *print_equals;
char *equals = strchr(colon, '='); char *equals = strchr(colon, '=');
int ret; int ret;
if (semicolon) if (semicolon)
*semicolon = 0; *semicolon = 0;
if (!equals) { if (!equals) {
vpn_progress(vpninfo, PRG_ERR, vpn_progress(vpninfo, PRG_ERR,
_("Invalid cookie offered: %s\n"), b uf); _("Invalid cookie offered: %s\n"), b uf);
openconnect_close_https(vpninfo, 0);
return -EINVAL; return -EINVAL;
} }
*(equals++) = 0; *(equals++) = 0;
print_equals = equals; print_equals = equals;
/* Don't print the webvpn cookie unless it's empty; we do n't /* Don't print the webvpn cookie unless it's empty; we do n't
want people posting it in public with debugging output */ want people posting it in public with debugging output */
if (!strcmp(colon, "webvpn") && *equals) if (!strcmp(colon, "webvpn") && *equals)
print_equals = _("<elided>"); print_equals = _("<elided>");
vpn_progress(vpninfo, PRG_DEBUG, "%s: %s=%s%s%s\n", vpn_progress(vpninfo, PRG_DEBUG, "%s: %s=%s%s%s\n",
skipping to change at line 459 skipping to change at line 460
semicolon ? (semicolon+1) : ""); semicolon ? (semicolon+1) : "");
/* The server tends to ask for the username and password as /* The server tends to ask for the username and password as
usual, even if we've already failed because it didn't like usual, even if we've already failed because it didn't like
our cert. Thankfully it does give us this hint... */ our cert. Thankfully it does give us this hint... */
if (!strcmp(colon, "ClientCertAuthFailed")) if (!strcmp(colon, "ClientCertAuthFailed"))
vpn_progress(vpninfo, PRG_ERR, vpn_progress(vpninfo, PRG_ERR,
_("SSL certificate authentication fa iled\n")); _("SSL certificate authentication fa iled\n"));
ret = http_add_cookie(vpninfo, colon, equals, 1); ret = http_add_cookie(vpninfo, colon, equals, 1);
if (ret) if (ret) {
openconnect_close_https(vpninfo, 0);
return ret; return ret;
}
} else { } else {
vpn_progress(vpninfo, PRG_DEBUG, "%s: %s\n", buf, colon); vpn_progress(vpninfo, PRG_DEBUG, "%s: %s\n", buf, colon);
} }
if (!strcasecmp(buf, "Connection")) { if (!strcasecmp(buf, "Connection")) {
if (!strcasecmp(colon, "Close")) if (!strcasecmp(colon, "Close"))
closeconn = 1; closeconn = 1;
#if 0 #if 0
/* This might seem reasonable, but in fact it breaks /* This might seem reasonable, but in fact it breaks
certificate authentication with some servers. If certificate authentication with some servers. If
they give an HTTP/1.0 response, even if they they give an HTTP/1.0 response, even if they
explicitly give a Connection: Keep-Alive header, explicitly give a Connection: Keep-Alive header,
just close the connection. */ just close the connection. */
else if (!strcasecmp(colon, "Keep-Alive")) else if (!strcasecmp(colon, "Keep-Alive"))
closeconn = 0; closeconn = 0;
#endif #endif
} }
if (!strcasecmp(buf, "Location")) { if (!strcasecmp(buf, "Location")) {
vpninfo->redirect_url = strdup(colon); vpninfo->redirect_url = strdup(colon);
if (!vpninfo->redirect_url) if (!vpninfo->redirect_url) {
openconnect_close_https(vpninfo, 0);
return -ENOMEM; return -ENOMEM;
}
} }
if (!strcasecmp(buf, "Content-Length")) { if (!strcasecmp(buf, "Content-Length")) {
bodylen = atoi(colon); bodylen = atoi(colon);
if (bodylen < 0) { if (bodylen < 0) {
vpn_progress(vpninfo, PRG_ERR, vpn_progress(vpninfo, PRG_ERR,
_("Response body has negative size ( %d)\n"), _("Response body has negative size ( %d)\n"),
bodylen); bodylen);
openconnect_close_https(vpninfo, 0); openconnect_close_https(vpninfo, 0);
return -EINVAL; return -EINVAL;
} }
skipping to change at line 524 skipping to change at line 529
return result; return result;
/* Now the body, if there is one */ /* Now the body, if there is one */
vpn_progress(vpninfo, PRG_DEBUG, _("HTTP body %s (%d)\n"), vpn_progress(vpninfo, PRG_DEBUG, _("HTTP body %s (%d)\n"),
bodylen == BODY_HTTP10 ? "http 1.0" : bodylen == BODY_HTTP10 ? "http 1.0" :
bodylen == BODY_CHUNKED ? "chunked" : "length: ", bodylen == BODY_CHUNKED ? "chunked" : "length: ",
bodylen); bodylen);
/* If we were given Content-Length, it's nice and easy... */ /* If we were given Content-Length, it's nice and easy... */
if (bodylen > 0) { if (bodylen > 0) {
if (buf_ensure_space(body, bodylen + 1)) if (buf_ensure_space(body, bodylen + 1)) {
openconnect_close_https(vpninfo, 0);
return buf_error(body); return buf_error(body);
}
while (body->pos < bodylen) { while (body->pos < bodylen) {
i = vpninfo->ssl_read(vpninfo, body->data + body->pos, bo dylen - body->pos); i = vpninfo->ssl_read(vpninfo, body->data + body->pos, bo dylen - body->pos);
if (i < 0) { if (i < 0) {
vpn_progress(vpninfo, PRG_ERR, vpn_progress(vpninfo, PRG_ERR,
_("Error reading HTTP response body\ n")); _("Error reading HTTP response body\ n"));
openconnect_close_https(vpninfo, 0); openconnect_close_https(vpninfo, 0);
return -EINVAL; return -EINVAL;
} }
body->pos += i; body->pos += i;
} }
} else if (bodylen == BODY_CHUNKED) { } else if (bodylen == BODY_CHUNKED) {
/* ... else, chunked */ /* ... else, chunked */
while ((i = vpninfo->ssl_gets(vpninfo, buf, sizeof(buf)))) { while ((i = vpninfo->ssl_gets(vpninfo, buf, sizeof(buf)))) {
int chunklen, lastchunk = 0; int lastchunk = 0;
long chunklen;
if (i < 0) { if (i < 0) {
vpn_progress(vpninfo, PRG_ERR, vpn_progress(vpninfo, PRG_ERR,
_("Error fetching chunk header\n")); _("Error fetching chunk header\n"));
openconnect_close_https(vpninfo, 0);
return i; return i;
} }
chunklen = strtol(buf, NULL, 16); chunklen = strtol(buf, NULL, 16);
if (!chunklen) { if (!chunklen) {
lastchunk = 1; lastchunk = 1;
goto skip; goto skip;
} }
if (buf_ensure_space(body, chunklen + 1)) if (chunklen < 0) {
vpn_progress(vpninfo, PRG_ERR,
_("HTTP chunk length is negative (%l
d)\n"), chunklen);
openconnect_close_https(vpninfo, 0);
return -EINVAL;
}
if (chunklen >= INT_MAX) {
vpn_progress(vpninfo, PRG_ERR,
_("HTTP chunk length is too large (%
ld)\n"), chunklen);
openconnect_close_https(vpninfo, 0);
return -EINVAL;
}
if (buf_ensure_space(body, chunklen + 1)) {
openconnect_close_https(vpninfo, 0);
return buf_error(body); return buf_error(body);
}
while (chunklen) { while (chunklen) {
i = vpninfo->ssl_read(vpninfo, body->data + body- >pos, chunklen); i = vpninfo->ssl_read(vpninfo, body->data + body- >pos, chunklen);
if (i < 0) { if (i < 0) {
vpn_progress(vpninfo, PRG_ERR, vpn_progress(vpninfo, PRG_ERR,
_("Error reading HTTP respon se body\n")); _("Error reading HTTP respon se body\n"));
openconnect_close_https(vpninfo, 0);
return -EINVAL; return -EINVAL;
} }
chunklen -= i; chunklen -= i;
body->pos += i; body->pos += i;
} }
skip: skip:
if ((i = vpninfo->ssl_gets(vpninfo, buf, sizeof(buf)))) { if ((i = vpninfo->ssl_gets(vpninfo, buf, sizeof(buf)))) {
if (i < 0) { if (i < 0) {
vpn_progress(vpninfo, PRG_ERR, vpn_progress(vpninfo, PRG_ERR,
_("Error fetching HTTP respo nse body\n")); _("Error fetching HTTP respo nse body\n"));
} else { } else {
vpn_progress(vpninfo, PRG_ERR, vpn_progress(vpninfo, PRG_ERR,
_("Error in chunked decoding . Expected '', got: '%s'"), _("Error in chunked decoding . Expected '', got: '%s'"),
buf); buf);
} }
openconnect_close_https(vpninfo, 0);
return -EINVAL; return -EINVAL;
} }
if (lastchunk) if (lastchunk)
break; break;
} }
} else if (bodylen == BODY_HTTP10) { } else if (bodylen == BODY_HTTP10) {
if (!closeconn) { if (!closeconn) {
vpn_progress(vpninfo, PRG_ERR, vpn_progress(vpninfo, PRG_ERR,
_("Cannot receive HTTP 1.0 body without clos ing connection\n")); _("Cannot receive HTTP 1.0 body without clos ing connection\n"));
openconnect_close_https(vpninfo, 0); openconnect_close_https(vpninfo, 0);
return -EINVAL; return -EINVAL;
} }
/* HTTP 1.0 response. Just eat all we can in 4KiB chunks */ /* HTTP 1.0 response. Just eat all we can in 4KiB chunks */
while (1) { while (1) {
if (buf_ensure_space(body, 4096 + 1)) if (buf_ensure_space(body, 4096 + 1)) {
openconnect_close_https(vpninfo, 0);
return buf_error(body); return buf_error(body);
}
i = vpninfo->ssl_read(vpninfo, body->data + body->pos, 40 96); i = vpninfo->ssl_read(vpninfo, body->data + body->pos, 40 96);
if (i < 0) { if (i < 0) {
/* Error */ /* Error */
openconnect_close_https(vpninfo, 0); openconnect_close_https(vpninfo, 0);
return i; return i;
} else if (!i) } else if (!i)
break; break;
/* Got more data */ /* Got more data */
body->pos += i; body->pos += i;
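Review bot: The Content-Length path still parses with `bodylen = atoi(colon);` and then calls `buf_ensure_space(body, bodylen + 1)`, so it gets none of the range checking this change adds for `chunklen`: atoi() reports no errors, its behaviour is undefined for out-of-range input, and `bodylen + 1` overflows a signed int at INT_MAX. It could be parsed the same way as the chunk header, e.g. `long len = strtol(colon, &end, 10);` followed by `if (end == colon || len < 0 || len >= INT_MAX) { openconnect_close_https(vpninfo, 0); return -EINVAL; }` before assigning to bodylen. In the chunked branch, `strtol(buf, NULL, 16)` discards the end pointer, so a chunk header with no hex digits parses as 0 and is silently treated as the last chunk; checking the end pointer would let it be rejected as malformed. The HTTP/1.0 branch treats a zero return from ssl_read as end of stream, so if ssl_read can also return 0 inside the `while (body->pos < bodylen)` and `while (chunklen)` loops, a premature close would leave them spinning; this should be confirmed against the ssl_read implementations. The enclosing function starts and ends outside the visible hunks, so earlier validation of these values cannot be ruled out from this page.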
 End of changes. 15 change blocks. 
6 lines changed or deleted 35 lines changed or added
