[MPlayer-dev-eng] [PATCH 2/7] Use Proxy-Authorization instead of Authorization for proxy auth

Tue Nov 16 21:05:24 CET 2010

On Fri, Nov 12, 2010 at 10:40:57AM +0100, Clément Bœsch wrote:
> @@ -637,13 +637,13 @@ http_add_basic_authentication( HTTP_header_t *http_hdr, const char *username, co
>  
>  	b64_usr_pass[out_len]='\0';
>  
> -	auth = malloc(encoded_len+22);
> +	auth = malloc(encoded_len + strlen(auth_str) + sizeof(": Basic "));
>  	if( auth==NULL ) {
>  		mp_msg(MSGT_NETWORK,MSGL_FATAL,MSGTR_MemAllocFailed);
>  		goto out;
>  	}
>  
> -	sprintf( auth, "Authorization: Basic %s", b64_usr_pass);
> +	sprintf( auth, "%s: Basic %s", auth_str, b64_usr_pass);

I think their ok, though I think personally I'd feel slightly
more comfortable if it was something like
> buffer_len = encoded_len + 100; // arbitrary, large enough number
> malloc(buffer_len);
> snprintf(, buffer_len, ....);

While hard-coded is not that great, it avoids wasting CPU
time on strlen, and also the duplicated ": Basic " string
is a risk, and this way at least ensure there'll never be
a buffer overflow no matter what (not having to thing about
integer overflows, someone changing only one of those strings,
...).