lib-oauth2: Improve identifier escaping function

author Aki Tuomi <aki.tuomi@open-xchange.com>

Wed, 14 Apr 2021 11:12:16 +0000 (14:12 +0300)

committer timo.sirainen <timo.sirainen@open-xchange.com>

Mon, 21 Jun 2021 13:20:28 +0000 (13:20 +0000)
author Aki Tuomi <aki.tuomi@open-xchange.com>
Wed, 14 Apr 2021 11:12:16 +0000 (14:12 +0300)
committer timo.sirainen <timo.sirainen@open-xchange.com>
Mon, 21 Jun 2021 13:20:28 +0000 (13:20 +0000)
diff --git a/src/lib-oauth2/oauth2-jwt.c b/src/lib-oauth2/oauth2-jwt.c

index da7db2dc5dcc1234ddef31bffa147de7d4b4ddf5..ce636d138994146c0520b4bdc25cf6f3a8e8bfe3 100644 (file)
--- a/src/lib-oauth2/oauth2-jwt.c
+++ b/src/lib-oauth2/oauth2-jwt.c
@@ -56,32 +56,31 @@ static int get_time_field(const struct json_tree *tree, const char *key,
  static const char *escape_identifier(const char *identifier)
  {
         size_t pos = strcspn(identifier, "./%");
-       if (pos < strlen(identifier)) {
-               /* sanitize identifier, cannot allow dots or / in it, so we
-                 encode them */
-               string_t *new_id = t_str_new(strlen(identifier));
-               /* put initial data */
-               str_append_data(new_id, identifier, pos);
-
-               for (const char *c = identifier+pos; *c != '\0'; c++) {
-                       switch (*c) {
-                       case '.':
-                               str_append(new_id, "%2e");
-                               break;
-                       case '/':
-                               str_append(new_id, "%2f");
-                               break;
-                       case '%':
-                               str_append(new_id, "%25");
-                               break;
-                       default:
-                               str_append_c(new_id, *c);
-                               break;
-                       }
-               }
-               return str_c(new_id);
+       /* nothing to escape */
+       if (identifier[pos] == '\0')
+               return identifier;
+
+       size_t len = strlen(identifier);
+       string_t *new_id = t_str_new(len);
+       str_append_data(new_id, identifier, pos);
+
+       for (size_t i = pos; i < len; i++) {
+               switch (identifier[i]) {
+               case '.':
+                       str_append(new_id, "%2e");
+                       break;
+               case '/':
+                       str_append(new_id, "%2f");
+                       break;
+               case '%':
+                       str_append(new_id, "%25");
+                       break;
+               default:
+                       str_append_c(new_id, identifier[i]);
+                       break;
+               }
         }
-       return identifier;
+       return str_c(new_id);
  }
  
  static int
author	Aki Tuomi <aki.tuomi@open-xchange.com>
	Wed, 14 Apr 2021 11:12:16 +0000 (14:12 +0300)
committer	timo.sirainen <timo.sirainen@open-xchange.com>
	Mon, 21 Jun 2021 13:20:28 +0000 (13:20 +0000)