sync

Backup service to store encrypted wallet databases (experimental)

commit 919006cfd7906632a90c68d5d14a8ed9c8763a3a
parent 37f81cc1a65fe448108c4188d1b1f800d369ffc8
Author: Christian Grothoff <christian@grothoff.org>
Date:   Sun, 17 Sep 2023 12:23:20 +0200

correctly double-quote ETag values

Diffstat:
Msrc/lib/sync_api_upload.c | 4++--
Msrc/sync/sync-httpd_backup.c | 16++++++++++++----
Msrc/sync/sync-httpd_backup_post.c | 34+++++++++++++++++++++-------------
Msrc/testing/testing_api_cmd_backup_download.c | 1+
Msrc/testing/testing_api_cmd_backup_upload.c | 1+
5 files changed, 37 insertions(+), 19 deletions(-)

diff --git a/src/lib/sync_api_upload.c b/src/lib/sync_api_upload.c @@ -292,7 +292,7 @@ SYNC_upload (struct GNUNET_CURL_Context *ctx, val = GNUNET_STRINGS_data_to_string_alloc (&usp.new_backup_hash, sizeof (struct GNUNET_HashCode)); GNUNET_asprintf (&hdr, - "%s: %s", + "%s: \"%s\"", MHD_HTTP_HEADER_IF_NONE_MATCH, val); GNUNET_free (val); @@ -314,7 +314,7 @@ SYNC_upload (struct GNUNET_CURL_Context *ctx, sizeof (struct GNUNET_HashCode)); GNUNET_asprintf (&hdr, - "If-Match: %s", + "If-Match: \"%s\"", val); GNUNET_free (val); ext = curl_slist_append (job_headers, diff --git a/src/sync/sync-httpd_backup.c b/src/sync/sync-httpd_backup.c @@ -94,13 +94,16 @@ SH_backup_get (struct MHD_Connection *connection, inm = MHD_lookup_connection_value (connection, MHD_HEADER_KIND, MHD_HTTP_HEADER_IF_NONE_MATCH); - if (NULL != inm) + if ( (NULL != inm) && + (2 < strlen (inm)) && + ('"' == inm[0]) && + ('=' == inm[strlen (inm) - 1]) ) { struct GNUNET_HashCode inm_h; if (GNUNET_OK != - GNUNET_STRINGS_string_to_data (inm, - strlen (inm), + GNUNET_STRINGS_string_to_data (inm + 1, + strlen (inm) - 2, &inm_h, sizeof (inm_h))) { @@ -221,6 +224,7 @@ SH_return_backup (struct MHD_Connection *connection, char *sig_s; char *prev_s; char *etag; + char *etagq; sig_s = GNUNET_STRINGS_data_to_string_alloc (&account_sig, sizeof (account_sig)); @@ -236,10 +240,14 @@ SH_return_backup (struct MHD_Connection *connection, MHD_add_response_header (resp, "Sync-Previous", prev_s)); + GNUNET_asprintf (&etagq, + "\"%s\"", + etag); GNUNET_break (MHD_YES == MHD_add_response_header (resp, MHD_HTTP_HEADER_ETAG, - etag)); + etagq)); + GNUNET_free (etagq); GNUNET_free (etag); GNUNET_free (prev_s); GNUNET_free (sig_s); diff --git a/src/sync/sync-httpd_backup_post.c b/src/sync/sync-httpd_backup_post.c 
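Review bot: The closing-quote test in the SH_backup_get hunk of src/sync/sync-httpd_backup.c compares against `'='` instead of `'"'`, so a properly quoted `If-None-Match` value never satisfies the guard and the hash comparison inside the branch is skipped. The two parallel checks this commit adds to SH_backup_post test for `'"'` at the same position, so the line should presumably read `('"' == inm[strlen (inm) - 1]) )`. A header that fails the guard is now treated as if it were absent rather than reported, so nothing visible in this hunk surfaces the mismatch. A download test that sends the quoted ETag of the current backup would exercise this branch. The branch body continues outside the hunk.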
@@ -770,18 +770,23 @@ SH_backup_post (struct MHD_Connection *connection,
 im = MHD_lookup_connection_value (connection,
 MHD_HEADER_KIND,
 MHD_HTTP_HEADER_IF_MATCH);
- if ( (NULL != im) &&
- (GNUNET_OK !=
- GNUNET_STRINGS_string_to_data (im,
- strlen (im),
- &bc->old_backup_hash,
- sizeof (bc->old_backup_hash))) )
+ if (NULL != im)
 {
- GNUNET_break_op (0);
- return TALER_MHD_reply_with_error (connection,
- MHD_HTTP_BAD_REQUEST,
- TALER_EC_SYNC_BAD_IF_MATCH,
- NULL);
+ if ( (2 >= strlen (im)) ||
+ ('"' != im[0]) ||
+ ('"' != im[strlen (im) - 1]) ||
+ (GNUNET_OK !=
+ GNUNET_STRINGS_string_to_data (im + 1,
+ strlen (im) - 2,
+ &bc->old_backup_hash,
+ sizeof (bc->old_backup_hash))) )
+ {
+ GNUNET_break_op (0);
+ return TALER_MHD_reply_with_error (connection,
+ MHD_HTTP_BAD_REQUEST,
+ TALER_EC_SYNC_BAD_IF_MATCH,
+ NULL);
+ }
 }
 }
 {
@@ -811,9 +816,12 @@ SH_backup_post (struct MHD_Connection *connection,
 MHD_HEADER_KIND,
 MHD_HTTP_HEADER_IF_NONE_MATCH);
 if ( (NULL == etag) ||
+ (2 >= strlen (etag)) ||
+ ('"' != etag[0]) ||
+ ('"' != etag[strlen (etag) - 1]) ||
 (GNUNET_OK !=
- GNUNET_STRINGS_string_to_data (etag,
- strlen (etag),
+ GNUNET_STRINGS_string_to_data (etag + 1,
+ strlen (etag) - 2,
 &bc->new_backup_hash,
 sizeof (bc->new_backup_hash))) )
 {
diff --git a/src/testing/testing_api_cmd_backup_download.c b/src/testing/testing_api_cmd_backup_download.c
@@ -94,6 +94,7 @@ backup_download_cb (void *cls,
 TALER_TESTING_unexpected_status (bds->is,
 dd->http_status,
 bds->http_status);
+ return;
 }
 if (NULL != bds->upload_reference)
 {
diff --git a/src/testing/testing_api_cmd_backup_upload.c b/src/testing/testing_api_cmd_backup_upload.c
@@ -140,6 +140,7 @@ backup_upload_cb (void *cls,
 TALER_TESTING_unexpected_status (bus->is,
 ud->http_status,
 bus->http_status);
+ return;
 }
 switch (ud->us)
 {
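Review bot: Both SH_backup_post hunks spell out the same length, opening-quote, closing-quote and decode sequence by hand, once for `im` and once for `etag`, and SH_backup_get in src/sync/sync-httpd_backup.c carries a third copy. Each copy calls `strlen` up to three times on a client-supplied header, and hand-copied validation of untrusted input tends to drift between sites. A single helper shared by both files would keep the rule in one place; the sketch below uses an illustrative name and assumes the hash fields are `struct GNUNET_HashCode`, which the `sizeof` arguments suggest but the hunks do not show. Each call site then reduces to one comparison against `GNUNET_OK`. The function bodies continue outside both hunks.

```c
/* Decode a double-quoted ETag header value into @a hc.
   Illustrative helper; would need a declaration visible to both
   sync-httpd_backup.c and sync-httpd_backup_post.c. */
static enum GNUNET_GenericReturnValue
parse_quoted_etag (const char *val,
                   struct GNUNET_HashCode *hc)
{
  size_t len = strlen (val);

  if ( (len <= 2) ||
       ('"' != val[0]) ||
       ('"' != val[len - 1]) )
    return GNUNET_SYSERR;
  return GNUNET_STRINGS_string_to_data (val + 1,
                                        len - 2,
                                        hc,
                                        sizeof (*hc));
}

/* … unchanged: header lookup and error reply in SH_backup_post … */
```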