diff --git a/src/cookies/cookies.c b/src/cookies/cookies.c index 27d059fb..3b29cd35 100644 --- a/src/cookies/cookies.c +++ b/src/cookies/cookies.c @@ -352,7 +352,7 @@ set_cookie(struct uri *uri, unsigned char *str) if (!parse_cookie_str(&cstr, str)) return; - switch (parse_header_param(str, "path", &path)) { + switch (parse_header_param(str, "path", &path, 0)) { unsigned char *path_end; case HEADER_PARAM_FOUND: @@ -381,7 +381,7 @@ set_cookie(struct uri *uri, unsigned char *str) return; } - if (parse_header_param(str, "domain", &domain) == HEADER_PARAM_NOT_FOUND) + if (parse_header_param(str, "domain", &domain, 0) == HEADER_PARAM_NOT_FOUND) domain = memacpy(uri->host, uri->hostlen); if (domain && domain[0] == '.') memmove(domain, domain + 1, strlen(domain)); @@ -424,7 +424,7 @@ set_cookie(struct uri *uri, unsigned char *str) unsigned char *date; time_t expires; - switch (parse_header_param(str, "expires", &date)) { + switch (parse_header_param(str, "expires", &date, 0)) { case HEADER_PARAM_FOUND: expires = parse_date(&date, NULL, 0, 1); /* Convert date to seconds. */ @@ -452,7 +452,7 @@ set_cookie(struct uri *uri, unsigned char *str) } } - cookie->secure = (parse_header_param(str, "secure", NULL) + cookie->secure = (parse_header_param(str, "secure", NULL, 0) == HEADER_PARAM_FOUND); #ifdef DEBUG_COOKIES diff --git a/src/document/renderer.c b/src/document/renderer.c index 9c00b52a..423e179c 100644 --- a/src/document/renderer.c +++ b/src/document/renderer.c @@ -609,7 +609,7 @@ get_convert_table(unsigned char *head, int to_cp, if (!a) break; - parse_header_param(a, "charset", &ct_charset); + parse_header_param(a, "charset", &ct_charset, 0); if (ct_charset) { cp_index = get_cp_index(ct_charset); mem_free(ct_charset); diff --git a/src/mime/mime.c b/src/mime/mime.c index a429cf04..d3734246 100644 --- a/src/mime/mime.c +++ b/src/mime/mime.c @@ -65,7 +65,7 @@ get_content_filename(struct uri *uri, struct cache_entry *cached) pos = parse_header(cached->head, "Content-Disposition", NULL); if (!pos) return NULL; - parse_header_param(pos, "filename", &filename); + parse_header_param(pos, "filename", &filename, 1); mem_free(pos); if (!filename) return NULL; diff --git a/src/protocol/header.c b/src/protocol/header.c index 17013473..ad5614a1 100644 --- a/src/protocol/header.c +++ b/src/protocol/header.c @@ -232,7 +232,7 @@ parse_header(unsigned char *head, const unsigned char *item, unsigned char **ptr * and cannot fail with HEADER_PARAM_OUT_OF_MEMORY. Some callers may * rely on this. */ enum parse_header_param -parse_header_param(unsigned char *str, unsigned char *name, unsigned char **ret) +parse_header_param(unsigned char *str, unsigned char *name, unsigned char **ret, int content_disposition) { unsigned char *p = str; int namelen, plen = 0; @@ -246,13 +246,16 @@ parse_header_param(unsigned char *str, unsigned char *name, unsigned char **ret) if (!*p) return HEADER_PARAM_NOT_FOUND; namelen = strlen(name); - do { + + if (!content_disposition) { +a: p = strchr((const char *)p, ';'); if (!p) return HEADER_PARAM_NOT_FOUND; + } + while (*p && (*p == ';' || *p <= ' ')) p++; - while (*p && (*p == ';' || *p <= ' ')) p++; - if (strlen(p) < namelen) return HEADER_PARAM_NOT_FOUND; - } while (c_strncasecmp(p, name, namelen)); + if (strlen(p) < namelen) return HEADER_PARAM_NOT_FOUND; + if (c_strncasecmp(p, name, namelen)) goto a; p += namelen; diff --git a/src/protocol/header.h b/src/protocol/header.h index 4643bfcb..0bcec5a0 100644 --- a/src/protocol/header.h +++ b/src/protocol/header.h @@ -10,7 +10,7 @@ enum parse_header_param { }; unsigned char *parse_header(unsigned char *, const unsigned char *, unsigned char **); -enum parse_header_param parse_header_param(unsigned char *, unsigned char *, unsigned char **); +enum parse_header_param parse_header_param(unsigned char *, unsigned char *, unsigned char **, int); unsigned char *get_header_param(unsigned char *, unsigned char *); #endif