1. analysis: The function first obtains the length of the authentication field, and then dynamically allocates memory. It copies data of the osip_www_authenticate_t type into a string. The target address is DEST, but the memory leakage is also a major risk.
2. Analysis: The function first adds the authentication information to the datagram text, and then adds the authentication information to the osip_list linked list, which will greatly facilitate the release of the function. Source code 1: Int Osip_www_authenticate_to_str (const osip_www_authenticate_t * wwwa, char ** DEST) { Size_t Len; Char * TMP;
* DEST = NULL; If (wwwa = NULL) | (wwwa-> auth_type = NULL )) Return osip_badparameter;
Len = strlen (wwwa-> auth_type) + 1;
If (wwwa-> realm! = NULL) Len = Len + strlen (wwwa-> realm) + 7; If (wwwa-> nonce! = NULL) Len = Len + strlen (wwwa-> nonce) + 8; Len = Len + 2; If (wwwa-> domain! = NULL) Len = Len + strlen (wwwa-> domain) + 9; If (wwwa-> opaque! = NULL) Len = Len + strlen (wwwa-> opaque) + 9; If (wwwa-> stale! = NULL) Len = Len + strlen (wwwa-> stale) + 8; If (wwwa-> algorithm! = NULL) Len = Len + strlen (wwwa-> algorithm) + 12; If (wwwa-> qop_options! = NULL) Len = Len + strlen (wwwa-> qop_options) + 6;
TMP = (char *) osip_malloc (LEN ); If (TMP = NULL) Return osip_nomem; * DEST = TMP;
TMP = osip_str_append (TMP, wwwa-> auth_type );
If (wwwa-> realm! = NULL) { TMP = osip_strn_append (TMP, "Realm =", 7 ); TMP = osip_str_append (TMP, wwwa-> realm ); } If (wwwa-> domain! = NULL) { TMP = osip_strn_append (TMP, ", domain =", 9 ); TMP = osip_str_append (TMP, wwwa-> domain ); } If (wwwa-> nonce! = NULL) { TMP = osip_strn_append (TMP, ", Nonce =", 8 ); TMP = osip_str_append (TMP, wwwa-> nonce ); } If (wwwa-> opaque! = NULL) { TMP = osip_strn_append (TMP, ", opaque =", 9 ); TMP = osip_str_append (TMP, wwwa-> opaque ); } If (wwwa-> stale! = NULL) { TMP = osip_strn_append (TMP, ", stale =", 8 ); TMP = osip_str_append (TMP, wwwa-> stale ); } If (wwwa-> algorithm! = NULL) { TMP = osip_strn_append (TMP, ", algorithm =", 12 ); TMP = osip_str_append (TMP, wwwa-> algorithm ); } If (wwwa-> qop_options! = NULL) { TMP = osip_strn_append (TMP, ", qop =", 6 ); TMP = osip_str_append (TMP, wwwa-> qop_options ); }
If (wwwa-> realm = NULL) { /* Remove comma */ Len = strlen (wwwa-> auth_type ); If (* DEST) [Len] = ',') (* DEST) [Len] = ''; }
Return osip_success;
} Source code 2: Int Osip_message_set_www_authenticate (osip_message_t * sip, const char * hvalue) { Osip_www_authenticate_t * www_authenticate; Int I;
If (hvalue = NULL | hvalue [0] = '\ 0 ') Return osip_success;
If (SIP = NULL) Return osip_badparameter; I = osip_www_authenticate_init (& www_authenticate ); If (I! = 0) Return I; I = osip_www_authenticate_parse (www_authenticate, hvalue ); If (I! = 0) { Osip_www_authenticate_free (www_authenticate ); Return I; } Sip-> message_property = 2; Osip_list_add (& sip-> www_authenticates, www_authenticate,-1 ); Return osip_success; } |