diff options
author | Alejandro Perez <alex@um.es> | 2017-02-06 16:31:22 +0100 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2017-02-09 04:38:44 -0500 |
commit | 9bd84625838b82a789fc291d85460ab2878093d6 (patch) | |
tree | a3e1fbd9bb74313c008bb936a6da7d9a46428bea | |
parent | eb8ed98b9ba758a0c8db67151c18d1dd943e4289 (diff) | |
download | mod_auth_gssapi-9bd84625838b82a789fc291d85460ab2878093d6.tar.gz mod_auth_gssapi-9bd84625838b82a789fc291d85460ab2878093d6.tar.xz mod_auth_gssapi-9bd84625838b82a789fc291d85460ab2878093d6.zip |
JSON strings need to be escaped (i.e. replace " with \")
Reviewed-by: Simo Sorce <simo@redhat.com>
Closes #125
-rw-r--r-- | src/environ.c | 35 |
1 files changed, 33 insertions, 2 deletions
diff --git a/src/environ.c b/src/environ.c index 7cd3b8a..e3a021a 100644 --- a/src/environ.c +++ b/src/environ.c @@ -87,6 +87,37 @@ static void mag_set_env_name_attr(request_rec *req, struct mag_conn *mc, } } +static char* mag_escape_display_value(request_rec *req, gss_buffer_desc disp_value) +{ + /* This function returns a copy (in the pool) of the given gss_buffer_t where every + * occurrence of " has been replaced by \". This string is NULL terminated */ + int i = 0, j = 0, n_quotes = 0; + char *escaped_value = NULL; + char *value = (char*) disp_value.value; + + // count number of quotes in the input string + for (i = 0, j = 0; i < disp_value.length; i++) + if (value[i] == '"') + n_quotes++; + + // if there are no quotes, just return a copy of the string + if (n_quotes == 0) + return apr_pstrndup(req->pool, value, disp_value.length); + + // gss_buffer_t are not \0 terminated, but our result will be + escaped_value = apr_palloc(req->pool, disp_value.length + n_quotes + 1); + for (i = 0,j = 0; i < disp_value.length; i++, j++) { + if (value[i] == '"') { + escaped_value[j] = '\\'; + j++; + } + escaped_value[j] = value[i]; + } + // make the string NULL terminated + escaped_value[j] = '\0'; + return escaped_value; +} + static void mag_add_json_name_attr(request_rec *req, bool first, struct name_attr *attr, char **json) { @@ -106,8 +137,8 @@ static void mag_add_json_name_attr(request_rec *req, bool first, attr->value.length); } if (attr->display_value.length != 0) { - len = attr->display_value.length; - value = (const char *)attr->display_value.value; + value = mag_escape_display_value(req, attr->display_value); + len = strlen(value); } if (attr->number == 1) { *json = apr_psprintf(req->pool, |