From: Aki Tuomi Date: Wed, 14 Apr 2021 11:12:16 +0000 (+0300) Subject: lib-oauth2: Improve identifier escaping function X-Git-Tag: 2.3.16~33 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8b716828c4a4ba11f2189ce002b80bf62a74538e;p=thirdparty%2Fdovecot%2Fcore.git lib-oauth2: Improve identifier escaping function --- diff --git a/src/lib-oauth2/oauth2-jwt.c b/src/lib-oauth2/oauth2-jwt.c index da7db2dc5d..ce636d1389 100644 --- a/src/lib-oauth2/oauth2-jwt.c +++ b/src/lib-oauth2/oauth2-jwt.c @@ -56,32 +56,31 @@ static int get_time_field(const struct json_tree *tree, const char *key, static const char *escape_identifier(const char *identifier) { size_t pos = strcspn(identifier, "./%"); - if (pos < strlen(identifier)) { - /* sanitize identifier, cannot allow dots or / in it, so we - encode them */ - string_t *new_id = t_str_new(strlen(identifier)); - /* put initial data */ - str_append_data(new_id, identifier, pos); - - for (const char *c = identifier+pos; *c != '\0'; c++) { - switch (*c) { - case '.': - str_append(new_id, "%2e"); - break; - case '/': - str_append(new_id, "%2f"); - break; - case '%': - str_append(new_id, "%25"); - break; - default: - str_append_c(new_id, *c); - break; - } - } - return str_c(new_id); + /* nothing to escape */ + if (identifier[pos] == '\0') + return identifier; + + size_t len = strlen(identifier); + string_t *new_id = t_str_new(len); + str_append_data(new_id, identifier, pos); + + for (size_t i = pos; i < len; i++) { + switch (identifier[i]) { + case '.': + str_append(new_id, "%2e"); + break; + case '/': + str_append(new_id, "%2f"); + break; + case '%': + str_append(new_id, "%25"); + break; + default: + str_append_c(new_id, identifier[i]); + break; + } } - return identifier; + return str_c(new_id); } static int