From 8b716828c4a4ba11f2189ce002b80bf62a74538e Mon Sep 17 00:00:00 2001 From: Aki Tuomi Date: Wed, 14 Apr 2021 14:12:16 +0300 Subject: [PATCH] lib-oauth2: Improve identifier escaping function --- src/lib-oauth2/oauth2-jwt.c | 49 ++++++++++++++++++------------------- 1 file changed, 24 insertions(+), 25 deletions(-) diff --git a/src/lib-oauth2/oauth2-jwt.c b/src/lib-oauth2/oauth2-jwt.c index da7db2dc5d..ce636d1389 100644 --- a/src/lib-oauth2/oauth2-jwt.c +++ b/src/lib-oauth2/oauth2-jwt.c @@ -56,32 +56,31 @@ static int get_time_field(const struct json_tree *tree, const char *key, static const char *escape_identifier(const char *identifier) { size_t pos = strcspn(identifier, "./%"); - if (pos < strlen(identifier)) { - /* sanitize identifier, cannot allow dots or / in it, so we - encode them */ - string_t *new_id = t_str_new(strlen(identifier)); - /* put initial data */ - str_append_data(new_id, identifier, pos); - - for (const char *c = identifier+pos; *c != '\0'; c++) { - switch (*c) { - case '.': - str_append(new_id, "%2e"); - break; - case '/': - str_append(new_id, "%2f"); - break; - case '%': - str_append(new_id, "%25"); - break; - default: - str_append_c(new_id, *c); - break; - } - } - return str_c(new_id); + /* nothing to escape */ + if (identifier[pos] == '\0') + return identifier; + + size_t len = strlen(identifier); + string_t *new_id = t_str_new(len); + str_append_data(new_id, identifier, pos); + + for (size_t i = pos; i < len; i++) { + switch (identifier[i]) { + case '.': + str_append(new_id, "%2e"); + break; + case '/': + str_append(new_id, "%2f"); + break; + case '%': + str_append(new_id, "%25"); + break; + default: + str_append_c(new_id, identifier[i]); + break; + } } - return identifier; + return str_c(new_id); } static int -- 2.47.3