summaryrefslogtreecommitdiffstats
path: root/net/http/http_auth.cc
diff options
context:
space:
mode:
Diffstat (limited to 'net/http/http_auth.cc')
-rw-r--r--net/http/http_auth.cc13
1 files changed, 8 insertions, 5 deletions
diff --git a/net/http/http_auth.cc b/net/http/http_auth.cc
index 83da9ad..540edf9 100644
--- a/net/http/http_auth.cc
+++ b/net/http/http_auth.cc
@@ -84,6 +84,9 @@ void HttpAuth::ChallengeTokenizer::Init(std::string::const_iterator begin,
// name="value"
// name=value
// name=
+// Due to buggy implementations found in some embedded devices, we also
+// accept values with missing close quotemark (http://crbug.com/39836):
+// name="value
bool HttpAuth::ChallengeTokenizer::GetNext() {
if (!props_.GetNext())
return false;
@@ -123,13 +126,13 @@ bool HttpAuth::ChallengeTokenizer::GetNext() {
name_end_ = equals;
value_begin_ = equals + 1;
+ value_is_quoted_ = false;
if (value_begin_ != value_end_ && HttpUtil::IsQuote(*value_begin_)) {
// Trim surrounding quotemarks off the value
- if (*value_begin_ != *(value_end_ - 1))
- return valid_ = false; // Malformed -- mismatching quotes.
- value_is_quoted_ = true;
- } else {
- value_is_quoted_ = false;
+ if (*value_begin_ != *(value_end_ - 1) || value_begin_ + 1 == value_end_)
+ value_begin_ = equals + 2; // Gracefully recover from mismatching quotes.
+ else
+ value_is_quoted_ = true;
}
return true;
}
generated by cgit v1.1 at 2025-02-08 04:41:06 +0000