lib-oauth2: Move identifier escaping to own function
authorAki Tuomi <aki.tuomi@open-xchange.com>
Sat, 10 Apr 2021 14:54:45 +0000 (17:54 +0300)
committertimo.sirainen <timo.sirainen@open-xchange.com>
Mon, 21 Jun 2021 13:20:28 +0000 (13:20 +0000)
src/lib-oauth2/oauth2-jwt.c

index 09d39707433e2a3e3f1ec97faf98cdae47d4c88e..da7db2dc5dcc1234ddef31bffa147de7d4b4ddf5 100644 (file)
@@ -52,6 +52,38 @@ static int get_time_field(const struct json_tree *tree, const char *key,
        return -1;
 }
 
+/* Escapes '.', '/' and '%' in identifier to %hex */
+static const char *escape_identifier(const char *identifier)
+{
+       size_t pos = strcspn(identifier, "./%");
+       if (pos < strlen(identifier)) {
+               /* sanitize identifier, cannot allow dots or / in it, so we
+                 encode them */
+               string_t *new_id = t_str_new(strlen(identifier));
+               /* put initial data */
+               str_append_data(new_id, identifier, pos);
+
+               for (const char *c = identifier+pos; *c != '\0'; c++) {
+                       switch (*c) {
+                       case '.':
+                               str_append(new_id, "%2e");
+                               break;
+                       case '/':
+                               str_append(new_id, "%2f");
+                               break;
+                       case '%':
+                               str_append(new_id, "%25");
+                               break;
+                       default:
+                               str_append_c(new_id, *c);
+                               break;
+                       }
+               }
+               return str_c(new_id);
+       }
+       return identifier;
+}
+
 static int
 oauth2_lookup_hmac_key(const struct oauth2_settings *set, const char *azp,
                       const char *alg, const char *key_id,
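Review bot: The comment above `escape_identifier` does not say what the caller gets back: the function returns the input pointer itself when nothing needs escaping, and otherwise a string built with `t_str_new`, which is valid only for the current data stack frame. I would extend it to `/* Escapes '.', '/' and '%' in identifier to %hex. Returns identifier itself if nothing was escaped, otherwise a data-stack string; copy it to keep it past the current frame. */`. It is also worth noting there that only these three characters are handled and that the hex digits are lower-case, since whatever stores the keys presumably has to use the same encoding; the lookup code is outside this hunk, so that part is inferred. As a small style point, `if (identifier[pos] != '\0')` expresses the same test without a second `strlen` scan.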
@@ -436,32 +468,8 @@ int oauth2_try_parse_jwt(const struct oauth2_settings *set,
        else if (*kid == '\0') {
                *error_r = "'kid' field is empty";
                return -1;
-       }
-
-       size_t pos = strcspn(kid, "./%");
-       if (pos < strlen(kid)) {
-               /* sanitize kid, cannot allow dots or / in it, so we encode them
-                */
-               string_t *new_kid = t_str_new(strlen(kid));
-               /* put initial data */
-               str_append_data(new_kid, kid, pos);
-               for (const char *c = kid+pos; *c != '\0'; c++) {
-                       switch (*c) {
-                       case '.':
-                               str_append(new_kid, "%2e");
-                               break;
-                       case '/':
-                               str_append(new_kid, "%2f");
-                               break;
-                       case '%':
-                               str_append(new_kid, "%25");
-                               break;
-                       default:
-                               str_append_c(new_kid, *c);
-                               break;
-                       }
-               }
-               kid = str_c(new_kid);
+       } else {
+               kid = escape_identifier(kid);
        }
 
        /* parse body */
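Review bot: The call `kid = escape_identifier(kid);` in the new `else` branch no longer carries the reason for the escaping, because the old "cannot allow dots or / in it" comment moved into the helper. `kid` appears to be token-supplied and is handled here before the body is parsed, so a short comment at the call site would keep the intent visible, e.g. `/* kid is token-supplied; escape path-significant characters before it is used for key lookup */`. How the value is used afterwards is outside the hunk, so the wording should be matched to the actual lookup. Because the escaping now sits at the end of an `else if` chain, any branch added to that chain later needs to keep it reachable for every non-empty `kid`; oauth2_try_parse_jwt starts and ends outside this hunk.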