BUG/MINOR: http: http_auth_bearer fetch does not work on custom header name
The http_auth_bearer sample fetch can take a header name as parameter,
in which case it will try to extract a Bearer value out of the given
header name instead of the default "Authorization" one. In this case,
the extraction would not have worked because of a misuse of strncasecmp.
This patch fixes this by replacing the standard string functions by ist
ones.
It also properly manages the multiple spaces that could be found between
the scheme and its value.
No backport needed, that's part of JWT which is only in 2.5.
Co-authored-by: Tim Duesterhus <tim@bastelstu.be>
diff --git a/src/http_fetch.c b/src/http_fetch.c
index 2440574..aa4965d 100644
--- a/src/http_fetch.c
+++ b/src/http_fetch.c
@@ -1376,11 +1376,16 @@
ctx.blk = NULL;
if (http_find_header(htx, hdr_name, &ctx, 0)) {
- char *space = NULL;
- space = memchr(ctx.value.ptr, ' ', ctx.value.len);
- if (space && strncasecmp("Bearer", ctx.value.ptr, ctx.value.len) == 0) {
- chunk_initlen(&bearer_val, space+1, 0, ctx.value.len - (space - ctx.value.ptr) - 1);
- }
+ struct ist type = istsplit(&ctx.value, ' ');
+
+ /* There must be "at least" one space character between
+ * the scheme and the following value so ctx.value might
+ * still have leading spaces here (see RFC7235).
+ */
+ ctx.value = istskip(ctx.value, ' ');
+
+ if (isteqi(type, ist("Bearer")) && istlen(ctx.value))
+ chunk_initlen(&bearer_val, istptr(ctx.value), 0, istlen(ctx.value));
}
}
else {