summaryrefslogtreecommitdiff
path: root/networking/wget.c
diff options
context:
space:
mode:
authorDenys Vlasenko2011-09-11 21:04:02 +0200
committerDenys Vlasenko2011-09-11 21:04:02 +0200
commitdd1061b6a79b0161597799e825bfefc27993ace5 (patch)
treef7099078291da669907c5e3f428c10af27a54417 /networking/wget.c
parent5126cf9a15f9e5c3986be0fc2743b63adcc6b1fb (diff)
downloadbusybox-dd1061b6a79b0161597799e825bfefc27993ace5.zip
busybox-dd1061b6a79b0161597799e825bfefc27993ace5.tar.gz
wget: URL-decode user:password before base64-encoding it into auth hdr. Closes 3625.
function old new delta percent_decode_in_place - 152 +152 parse_url 304 317 +13 handle_incoming_and_exit 2795 2798 +3 httpd_main 763 760 -3 decodeString 152 - -152 ------------------------------------------------------------------------------ (add/remove: 2/1 grow/shrink: 2/1 up/down: 168/-155) Total: 13 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'networking/wget.c')
-rw-r--r--networking/wget.c13
1 files changed, 6 insertions, 7 deletions
diff --git a/networking/wget.c b/networking/wget.c
index 6443705..94a2f7c 100644
--- a/networking/wget.c
+++ b/networking/wget.c
@@ -298,8 +298,13 @@ static void parse_url(const char *src_url, struct host_info *h)
sp = strrchr(h->host, '@');
if (sp != NULL) {
- h->user = h->host;
+ // URL-decode "user:password" string before base64-encoding:
+ // wget http://test:my%20pass@example.com should send
+ // Authorization: Basic dGVzdDpteSBwYXNz
+ // which decodes to "test:my pass".
+ // Standard wget and curl do this too.
*sp = '\0';
+ h->user = percent_decode_in_place(h->host, /*strict:*/ 0);
h->host = sp + 1;
}
@@ -660,12 +665,6 @@ static void download_one_url(const char *url)
#if ENABLE_FEATURE_WGET_AUTHENTICATION
if (target.user) {
-//TODO: URL-decode "user:password" string before base64-encoding:
-//wget http://test:my%20pass@example.com should send
-// Authorization: Basic dGVzdDpteSBwYXNz
-//which decodes to "test:my pass", instead of what we send now:
-// Authorization: Basic dGVzdDpteSUyMHBhc3M=
-//Can reuse decodeString() from httpd.c
fprintf(sfp, "Proxy-Authorization: Basic %s\r\n"+6,
base64enc(target.user));
}