Manage a string in HTTP TLS core.
This commit is contained in:
22
src/hsts.cc
22
src/hsts.cc
@ -34,6 +34,8 @@
|
||||
#include "../dlib/dlib.h"
|
||||
#include "IO/tls.hh"
|
||||
|
||||
#include <string>
|
||||
|
||||
typedef struct {
|
||||
char *host;
|
||||
time_t expires_at;
|
||||
@ -141,9 +143,9 @@ static void Hsts_set_policy(const char *host, long max_age, bool_t subdomains)
|
||||
/**
|
||||
* Read the next attribute.
|
||||
*/
|
||||
static char *Hsts_parse_attr(const char **header_str)
|
||||
static std::string Hsts_parse_attr(const char **header_str)
|
||||
{
|
||||
const char *str;
|
||||
std::string str;
|
||||
uint_t len;
|
||||
|
||||
while (dIsspace(**header_str))
|
||||
@ -151,12 +153,12 @@ static char *Hsts_parse_attr(const char **header_str)
|
||||
|
||||
str = *header_str;
|
||||
/* find '=' at end of attr, ';' after attr/val pair, '\0' end of string */
|
||||
len = strcspn(str, "=;");
|
||||
len = strcspn(str.c_str(), "=;");
|
||||
*header_str += len;
|
||||
|
||||
while (len && (str[len - 1] == ' ' || str[len - 1] == '\t'))
|
||||
len--;
|
||||
return dStrndup(str, len);
|
||||
return str.substr( 0, len );
|
||||
}
|
||||
|
||||
/**
|
||||
@ -214,14 +216,14 @@ void a_Hsts_set(const char *header, const DilloUrl *url)
|
||||
|
||||
/* Iterate until there is nothing left of the string */
|
||||
while (*header) {
|
||||
char *attr;
|
||||
std::string attr;
|
||||
char *value;
|
||||
|
||||
/* Get attribute */
|
||||
attr = Hsts_parse_attr(&header);
|
||||
|
||||
/* Get the value for the attribute and store it */
|
||||
if (dStrAsciiCasecmp(attr, "max-age") == 0) {
|
||||
if (dStrAsciiCasecmp(attr.c_str(), "max-age") == 0) {
|
||||
value = Hsts_parse_value(&header);
|
||||
if (isdigit(*value)) {
|
||||
errno = 0;
|
||||
@ -231,21 +233,19 @@ void a_Hsts_set(const char *header, const DilloUrl *url)
|
||||
max_age_valid = TRUE;
|
||||
}
|
||||
dFree(value);
|
||||
} else if (dStrAsciiCasecmp(attr, "includeSubDomains") == 0) {
|
||||
} else if (dStrAsciiCasecmp(attr.c_str(), "includeSubDomains") == 0) {
|
||||
subdomains = TRUE;
|
||||
Hsts_eat_value(&header);
|
||||
} else if (dStrAsciiCasecmp(attr, "preload") == 0) {
|
||||
} else if (dStrAsciiCasecmp(attr.c_str(), "preload") == 0) {
|
||||
/* 'preload' is not part of the RFC, but what does google care for
|
||||
* standards? They require that 'preload' be specified by a domain
|
||||
* in order to be added to their preload list.
|
||||
*/
|
||||
} else {
|
||||
MSG("HSTS: header contains unknown attribute: '%s'\n", attr);
|
||||
MSG("HSTS: header contains unknown attribute: '%s'\n", attr.c_str());
|
||||
Hsts_eat_value(&header);
|
||||
}
|
||||
|
||||
dFree(attr);
|
||||
|
||||
if (*header == ';')
|
||||
header++;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user