Message ID | 20170325143100.13597-2-micahgalizia@gmail.com |
---|---|
State | Superseded |
On Sat, 25 Mar 2017 10:31:00 -0400 Micah Galizia <micahgalizia@gmail.com> wrote:
> Signed-off-by: Micah Galizia <micahgalizia@gmail.com>
> ---
> libavformat/http.c | 43 +++++++++++++++++++++++++++++++++++++++----
> 1 file changed, 39 insertions(+), 4 deletions(-)
>
> diff --git a/libavformat/http.c b/libavformat/http.c
> index 293a8a7..f7d1925 100644
> --- a/libavformat/http.c
> +++ b/libavformat/http.c
> @@ -29,6 +29,7 @@
> #include "libavutil/avstring.h"
> #include "libavutil/opt.h"
> #include "libavutil/time.h"
> +#include "libavutil/parseutils.h"
>
> #include "avformat.h"
> #include "http.h"
> @@ -48,6 +49,8 @@
> #define MAX_REDIRECTS 8
> #define HTTP_SINGLE 1
> #define HTTP_MUTLI 2
> +#define MAX_EXPIRY 30
> +#define WHITESPACES " \n\t\r"
> typedef enum {
> LOWER_PROTO,
> READ_HEADERS,
> @@ -877,15 +880,20 @@ static int get_cookies(HTTPContext *s, char **cookies, const char *path,
>
> *cookies = NULL;
> while ((cookie = av_strtok(set_cookies, "\n", &next))) {
> - int domain_offset = 0;
> + int domain_offset = 0, expired = 0;
> char *param, *next_param, *cdomain = NULL, *cpath = NULL, *cvalue = NULL;
> + char exp_buf[MAX_EXPIRY];
> set_cookies = NULL;
>
> // store the cookie in a dict in case it is updated in the response
> if (parse_cookie(s, cookie, &s->cookie_dict))
> av_log(s, AV_LOG_WARNING, "Unable to parse '%s'\n", cookie);
>
> - while ((param = av_strtok(cookie, "; ", &next_param))) {
> + while ((param = av_strtok(cookie, ";", &next_param))) {
> +
> + // move past any leading whitespace
> + param += strspn(param, WHITESPACES);
> +
> if (cookie) {
> // first key-value pair is the actual cookie value
> cvalue = av_strdup(param);
> @@ -899,6 +907,33 @@ static int get_cookies(HTTPContext *s, char **cookies, const char *path,
> int leading_dot = (param[7] == '.');
> av_free(cdomain);
> cdomain = av_strdup(¶m[7+leading_dot]);
> + } else if (!av_strncasecmp("expires=", param, 8)) {
> + int i, j, exp_len;
> + struct tm tm_buf = {0};
> + char *expiry = ¶m[8];
> +
> + // strip off any punctuation or whitespace
> + exp_len = strlen(expiry);
> + for (i = 0, j = 0; i < exp_len; i++) {
> + if ((expiry[i] >= '0' && expiry[i] <= '9') ||
> + (expiry[i] >= 'A' && expiry[i] <= 'Z') ||
> + (expiry[i] >= 'a' && expiry[i] <= 'z')) {
> + exp_buf[j] = expiry[i];
> + j++;
> + }
> + }
> + exp_buf[j] = '\0';

This can overflow sizeof(exp_buf).

> +
> + // move the string beyond the day of week
> + i = 0;
> + while ((exp_buf[i] < '0' || exp_buf[i] > '9') && (i < j))
> + i++;
> +
> + if (av_small_strptime(&exp_buf[i], "%d%b%Y%H%M%SGMT", &tm_buf)) {
> + time_t now = av_gettime() / 1000000;

I don't know if av_gettime() has the same time base...

> + if (av_timegm(&tm_buf) < now)
> + expired = 1;
> + }
> } else {
> // ignore unknown attributes
> }
> @@ -907,9 +942,9 @@ static int get_cookies(HTTPContext *s, char **cookies, const char *path,
> cdomain = av_strdup(domain);
>
> // ensure all of the necessary values are valid
> - if (!cdomain || !cpath || !cvalue) {
> + if (expired || !cdomain || !cpath || !cvalue ) {
> av_log(s, AV_LOG_WARNING,
> - "Invalid cookie found, no value, path or domain specified\n");
> + "Invalid cookie found, expired or no value, path or domain specified\n");
> goto done_cookie;
> }
>
On Sat, Mar 25, 2017 at 10:51 AM, wm4 <nfxjfg@googlemail.com> wrote: <SNIP> > This can overflow sizeof(exp_buf). Sorry, new patch cleans that up. >> + >> + // move the string beyond the day of week >> + i = 0; >> + while ((exp_buf[i] < '0' || exp_buf[i] > '9') && (i < j)) >> + i++; >> + >> + if (av_small_strptime(&exp_buf[i], "%d%b%Y%H%M%SGMT", &tm_buf)) { >> + time_t now = av_gettime() / 1000000; > > I don't know if av_gettime() has the same time base... I had to double-check but I think it's correct as it is. The av_gettime() is based on the time since the epoch, which is already in GMT/UTC. The cookies timestamp is also expressed in GMT/UTC per the HTTP spec (and per av_timegm), so I believe these are comparable. If you were not talking about the timezones when you said "same base", I'm not entirely sure what you're getting at. I tested on my system and av_gettime()/1000000 returns the same value as time(NULL). Thanks again.
diff --git a/libavformat/http.c b/libavformat/http.c
index 293a8a7..f7d1925 100644
--- a/libavformat/http.c
+++ b/libavformat/http.c
@@ -29,6 +29,7 @@
 #include "libavutil/avstring.h"
 #include "libavutil/opt.h"
 #include "libavutil/time.h"
+#include "libavutil/parseutils.h"

 #include "avformat.h"
 #include "http.h"
@@ -48,6 +49,8 @@
 #define MAX_REDIRECTS 8
 #define HTTP_SINGLE 1
 #define HTTP_MUTLI 2
+#define MAX_EXPIRY 30
+#define WHITESPACES " \n\t\r"
 typedef enum {
 LOWER_PROTO,
 READ_HEADERS,
@@ -877,15 +880,20 @@ static int get_cookies(HTTPContext *s, char **cookies, const char *path,

 *cookies = NULL;
 while ((cookie = av_strtok(set_cookies, "\n", &next))) {
- int domain_offset = 0;
+ int domain_offset = 0, expired = 0;
 char *param, *next_param, *cdomain = NULL, *cpath = NULL, *cvalue = NULL;
+ char exp_buf[MAX_EXPIRY];
 set_cookies = NULL;

 // store the cookie in a dict in case it is updated in the response
 if (parse_cookie(s, cookie, &s->cookie_dict))
 av_log(s, AV_LOG_WARNING, "Unable to parse '%s'\n", cookie);

- while ((param = av_strtok(cookie, "; ", &next_param))) {
+ while ((param = av_strtok(cookie, ";", &next_param))) {
+
+ // move past any leading whitespace
+ param += strspn(param, WHITESPACES);
+
 if (cookie) {
 // first key-value pair is the actual cookie value
 cvalue = av_strdup(param);
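Review bot: Only leading whitespace is skipped once the delimiter set changes from `"; "` to `";"`, so any whitespace before the next `;` now stays attached to `param`. A value such as `path=/foo ` would presumably carry its trailing space into the copies taken from `param` (`cvalue` here, and the domain/path copies further down) and into the matching done later in get_cookies, outside this hunk. Trimming the tail as well keeps the old tolerance, e.g. `size_t n = strlen(param); while (n && strchr(WHITESPACES, param[n - 1])) param[--n] = '\0';`. Both enclosing while loops start before and end after the hunk.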
@@ -899,6 +907,33 @@ static int get_cookies(HTTPContext *s, char **cookies, const char *path,
 int leading_dot = (param[7] == '.');
 av_free(cdomain);
 cdomain = av_strdup(¶m[7+leading_dot]);
+ } else if (!av_strncasecmp("expires=", param, 8)) {
+ int i, j, exp_len;
+ struct tm tm_buf = {0};
+ char *expiry = ¶m[8];
+
+ // strip off any punctuation or whitespace
+ exp_len = strlen(expiry);
+ for (i = 0, j = 0; i < exp_len; i++) {
+ if ((expiry[i] >= '0' && expiry[i] <= '9') ||
+ (expiry[i] >= 'A' && expiry[i] <= 'Z') ||
+ (expiry[i] >= 'a' && expiry[i] <= 'z')) {
+ exp_buf[j] = expiry[i];
+ j++;
+ }
+ }
+ exp_buf[j] = '\0';
+
+ // move the string beyond the day of week
+ i = 0;
+ while ((exp_buf[i] < '0' || exp_buf[i] > '9') && (i < j))
+ i++;
+
+ if (av_small_strptime(&exp_buf[i], "%d%b%Y%H%M%SGMT", &tm_buf)) {
+ time_t now = av_gettime() / 1000000;
+ if (av_timegm(&tm_buf) < now)
+ expired = 1;
+ }
 } else {
 // ignore unknown attributes
 }
@@ -907,9 +942,9 @@ static int get_cookies(HTTPContext *s, char **cookies, const char *path,
 cdomain = av_strdup(domain);

 // ensure all of the necessary values are valid
- if (!cdomain || !cpath || !cvalue) {
+ if (expired || !cdomain || !cpath || !cvalue ) {
 av_log(s, AV_LOG_WARNING,
- "Invalid cookie found, no value, path or domain specified\n");
+ "Invalid cookie found, expired or no value, path or domain specified\n");
 goto done_cookie;
 }
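Review bot: A date that av_small_strptime() rejects leaves `expired` at 0 with no trace, so the cookie goes on being treated as if it carried no expiry at all. Because every separator is stripped before parsing, the field boundaries rest entirely on fixed digit widths; a date written with a two-digit year would presumably end up on this path, which is worth confirming against av_small_strptime. Ignoring an unparsable attribute is a reasonable policy, but the failure branch should say so, e.g. `else av_log(s, AV_LOG_DEBUG, "Unable to parse cookie expiry '%s'\n", expiry);`. The skip loop above would also read more safely with the bound first, `while (i < j && (exp_buf[i] < '0' || exp_buf[i] > '9'))`. The enclosing attribute loop starts and ends outside this hunk.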
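Review bot: An expired cookie is reported through the same AV_LOG_WARNING "Invalid cookie found" message as a malformed one, although expiry is a normal state and would presumably be logged each time get_cookies runs after the cookie lapses. Handle it ahead of the validity check, e.g. `if (expired) goto done_cookie;` (with an AV_LOG_DEBUG line if a trace is wanted), and keep the original warning text for the missing-field case. The new condition also picks up a stray space in `!cvalue )`. The skipped cookie was already handed to parse_cookie() earlier in the loop (outside this hunk), so it is worth checking whether an expired entry is ever dropped from the stored state or only skipped here.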
Signed-off-by: Micah Galizia <micahgalizia@gmail.com> --- libavformat/http.c | 43 +++++++++++++++++++++++++++++++++++++++---- 1 file changed, 39 insertions(+), 4 deletions(-)