From c0f724d8d656f4671b28b389ed3e40c9f2c64413 Mon Sep 17 00:00:00 2001 From: Stephan Bosch Date: Wed, 3 Sep 2025 23:31:26 +0200 Subject: [PATCH] lib-auth: auth-digest - Rework auth_digest_parse_keyvalue() to yield const results --- src/lib-auth/auth-digest.c | 15 +++++++++------ src/lib-auth/auth-digest.h | 3 ++- src/lib-sasl/sasl-server-mech-digest-md5.c | 8 ++++---- 3 files changed, 15 insertions(+), 11 deletions(-) diff --git a/src/lib-auth/auth-digest.c b/src/lib-auth/auth-digest.c index 575d02cfff..5722b29df2 100644 --- a/src/lib-auth/auth-digest.c +++ b/src/lib-auth/auth-digest.c @@ -13,16 +13,17 @@ /* Linear whitespace */ #define IS_LWS(c) ((c) == ' ' || (c) == '\t') -bool auth_digest_parse_keyvalue(char **data, char **key_r, char **value_r) +bool auth_digest_parse_keyvalue(char **data, const char **key_r, + const char **value_r) { /* @UNSAFE */ - char *p, *dest; + char *p, *dest, *key, *value; p = *data; while (IS_LWS(*p)) p++; /* get key */ - *key_r = p; + key = p; while (*p != '\0' && *p != '=' && *p != ',') p++; @@ -31,7 +32,7 @@ bool auth_digest_parse_keyvalue(char **data, char **key_r, char **value_r) return FALSE; } - *value_r = p+1; + value = p+1; /* skip trailing whitespace in key */ while (p > *data && IS_LWS(p[-1])) @@ -39,7 +40,7 @@ bool auth_digest_parse_keyvalue(char **data, char **key_r, char **value_r) *p = '\0'; /* get value */ - p = *value_r; + p = value; while (IS_LWS(*p)) p++; if (*p != '"') { @@ -55,7 +56,7 @@ bool auth_digest_parse_keyvalue(char **data, char **key_r, char **value_r) *p = '\0'; } else { /* quoted string */ - *value_r = dest = ++p; + value = dest = ++p; while (*p != '\0' && *p != '"') { if (*p == '\\' && p[1] != '\0') p++; @@ -66,6 +67,8 @@ bool auth_digest_parse_keyvalue(char **data, char **key_r, char **value_r) *dest = '\0'; } + *key_r = str_lcase(key); + *value_r = value; return TRUE; } diff --git a/src/lib-auth/auth-digest.h b/src/lib-auth/auth-digest.h index 2ab4ab3640..e579e65d93 100644 --- a/src/lib-auth/auth-digest.h +++ b/src/lib-auth/auth-digest.h @@ -5,7 +5,8 @@ * Parsing */ -bool auth_digest_parse_keyvalue(char **data, char **key_r, char **value_r); +bool auth_digest_parse_keyvalue(char **data, const char **key_r, + const char **value_r); /* * Processing diff --git a/src/lib-sasl/sasl-server-mech-digest-md5.c b/src/lib-sasl/sasl-server-mech-digest-md5.c index 75043f1e24..1436d7412e 100644 --- a/src/lib-sasl/sasl-server-mech-digest-md5.c +++ b/src/lib-sasl/sasl-server-mech-digest-md5.c @@ -189,13 +189,11 @@ verify_credentials(struct sasl_server_mech_request *auth_request, static bool auth_handle_response(struct digest_auth_request *request, - char *key, char *value, const char **error_r) + const char *key, const char *value, const char **error_r) { struct sasl_server_mech_request *auth_request = &request->auth_request; unsigned int i; - (void)str_lcase(key); - if (strcmp(key, "realm") == 0) { if (auth_request->realm == NULL && *value != '\0') sasl_server_request_set_realm(auth_request, value); @@ -367,7 +365,7 @@ parse_digest_response(struct digest_auth_request *request, const char **error_r) { struct sasl_server_mech_request *auth_request = &request->auth_request; - char *copy, *key, *value; + char *copy; bool failed; /* @@ -397,6 +395,8 @@ parse_digest_response(struct digest_auth_request *request, potential problems with NUL characters in strings. */ copy = t_strdup_noconst(t_strndup(data, size)); while (*copy != '\0') { + const char *key, *value; + if (auth_digest_parse_keyvalue(©, &key, &value)) { if (!auth_handle_response(request, key, value, error_r)) { -- 2.47.3