Browse code

core/parser: fix loop on broken values matching the prefix of a good value in parse_option_tag_body()

- reported by Savolainen Dmitri, FS#396

Daniel-Constantin Mierla authored on 21/02/2014 14:37:24
Showing 1 changed files
... ...
@@ -84,6 +84,7 @@ static inline int parse_option_tag_body(str *body, unsigned int *tags)
84 84
 	register char* p;
85 85
 	register unsigned int val;
86 86
 	int len, pos = 0;
87
+	int case_found;
87 88
 
88 89
 	*tags = 0;
89 90
 
... ...
@@ -95,6 +96,7 @@ static inline int parse_option_tag_body(str *body, unsigned int *tags)
95 96
 		for (; pos < len && IS_DELIM(p); ++pos, ++p);
96 97
 
97 98
 		val = LOWER_DWORD(READ(p));
99
+		case_found = 0;
98 100
 		switch (val) {
99 101
 
100 102
 			/* "path" */
... ...
@@ -102,6 +104,7 @@ static inline int parse_option_tag_body(str *body, unsigned int *tags)
102 104
 				if(pos + 4 <= len && IS_DELIM(p+4)) {
103 105
 					*tags |= F_OPTION_TAG_PATH;
104 106
 					pos += 5; p += 5;
107
+					case_found = 1;
105 108
 				}
106 109
 				break;
107 110
 
... ...
@@ -113,6 +116,7 @@ static inline int parse_option_tag_body(str *body, unsigned int *tags)
113 116
 					*tags |= F_OPTION_TAG_100REL;
114 117
 					pos += OPTION_TAG_100REL_LEN + 1;
115 118
 					p   += OPTION_TAG_100REL_LEN + 1;
119
+					case_found = 1;
116 120
 				}
117 121
 				break;
118 122
 
... ...
@@ -123,37 +127,37 @@ static inline int parse_option_tag_body(str *body, unsigned int *tags)
123 127
 					*tags |= F_OPTION_TAG_TIMER;
124 128
 					pos += OPTION_TAG_TIMER_LEN + 1;
125 129
 					p   += OPTION_TAG_TIMER_LEN + 1;
130
+					case_found = 1;
126 131
 				}
127 132
 				break;
128
-
133
+		}
134
+		if(case_found==0) {
129 135
 			/* extra require or unknown */
130
-			default:
131
-				if(pos+OPTION_TAG_EVENTLIST_LEN<=len
132
-						&& strncasecmp(p, OPTION_TAG_EVENTLIST_STR,
133
-							OPTION_TAG_EVENTLIST_LEN)==0
134
-						&& IS_DELIM(p+OPTION_TAG_EVENTLIST_LEN) ) {
135
-					*tags |= F_OPTION_TAG_EVENTLIST;
136
-					pos += OPTION_TAG_EVENTLIST_LEN + 1;
137
-					p   += OPTION_TAG_EVENTLIST_LEN + 1;
138
-				} else if(pos+OPTION_TAG_GRUU_LEN<=len
139
-						&& strncasecmp(p, OPTION_TAG_GRUU_STR,
140
-							OPTION_TAG_GRUU_LEN)==0
141
-						&& IS_DELIM(p+OPTION_TAG_GRUU_LEN)) {
142
-					*tags |= F_OPTION_TAG_GRUU;
143
-					pos += OPTION_TAG_GRUU_LEN + 1;
144
-					p   += OPTION_TAG_GRUU_LEN + 1;
145
-				} else if(pos+OPTION_TAG_OUTBOUND_LEN<=len
146
-						&& strncasecmp(p, OPTION_TAG_OUTBOUND_STR,
147
-							OPTION_TAG_OUTBOUND_LEN)==0
148
-						&& IS_DELIM(p+OPTION_TAG_OUTBOUND_LEN)) {
149
-					*tags |= F_OPTION_TAG_OUTBOUND;
150
-					pos += OPTION_TAG_OUTBOUND_LEN + 1;
151
-					p   += OPTION_TAG_OUTBOUND_LEN + 1;
152
-				} else {
153
-					/* skip element */
154
-					for (; pos < len && !IS_DELIM(p); ++pos, ++p);
155
-				}
156
-				break;
136
+			if(pos+OPTION_TAG_EVENTLIST_LEN<=len
137
+					&& strncasecmp(p, OPTION_TAG_EVENTLIST_STR,
138
+						OPTION_TAG_EVENTLIST_LEN)==0
139
+					&& IS_DELIM(p+OPTION_TAG_EVENTLIST_LEN) ) {
140
+				*tags |= F_OPTION_TAG_EVENTLIST;
141
+				pos += OPTION_TAG_EVENTLIST_LEN + 1;
142
+				p   += OPTION_TAG_EVENTLIST_LEN + 1;
143
+			} else if(pos+OPTION_TAG_GRUU_LEN<=len
144
+					&& strncasecmp(p, OPTION_TAG_GRUU_STR,
145
+						OPTION_TAG_GRUU_LEN)==0
146
+					&& IS_DELIM(p+OPTION_TAG_GRUU_LEN)) {
147
+				*tags |= F_OPTION_TAG_GRUU;
148
+				pos += OPTION_TAG_GRUU_LEN + 1;
149
+				p   += OPTION_TAG_GRUU_LEN + 1;
150
+			} else if(pos+OPTION_TAG_OUTBOUND_LEN<=len
151
+					&& strncasecmp(p, OPTION_TAG_OUTBOUND_STR,
152
+						OPTION_TAG_OUTBOUND_LEN)==0
153
+					&& IS_DELIM(p+OPTION_TAG_OUTBOUND_LEN)) {
154
+				*tags |= F_OPTION_TAG_OUTBOUND;
155
+				pos += OPTION_TAG_OUTBOUND_LEN + 1;
156
+				p   += OPTION_TAG_OUTBOUND_LEN + 1;
157
+			} else {
158
+				/* unknown (not needed) - skip element */
159
+				for (; pos < len && !IS_DELIM(p); ++pos, ++p);
160
+			}
157 161
 		}
158 162
 	}
159 163