| 218 | } |
| 219 | |
| 220 | static size_t fwrite_wwwauth(char *ptr, size_t eltsize, size_t nmemb, void *p MAYBE_UNUSED) |
| 221 | { |
| 222 | size_t size = eltsize * nmemb; |
| 223 | struct strvec *values = &http_auth.wwwauth_headers; |
| 224 | struct strbuf buf = STRBUF_INIT; |
| 225 | const char *val; |
| 226 | size_t val_len; |
| 227 | |
| 228 | /* |
| 229 | * Header lines may not come NULL-terminated from libcurl so we must |
| 230 | * limit all scans to the maximum length of the header line, or leverage |
| 231 | * strbufs for all operations. |
| 232 | * |
| 233 | * In addition, it is possible that header values can be split over |
| 234 | * multiple lines as per RFC 7230. 'Line folding' has been deprecated |
| 235 | * but older servers may still emit them. A continuation header field |
| 236 | * value is identified as starting with a space or horizontal tab. |
| 237 | * |
| 238 | * The formal definition of a header field as given in RFC 7230 is: |
| 239 | * |
| 240 | * header-field = field-name ":" OWS field-value OWS |
| 241 | * |
| 242 | * field-name = token |
| 243 | * field-value = *( field-content / obs-fold ) |
| 244 | * field-content = field-vchar [ 1*( SP / HTAB ) field-vchar ] |
| 245 | * field-vchar = VCHAR / obs-text |
| 246 | * |
| 247 | * obs-fold = CRLF 1*( SP / HTAB ) |
| 248 | * ; obsolete line folding |
| 249 | * ; see Section 3.2.4 |
| 250 | */ |
| 251 | |
| 252 | /* Start of a new WWW-Authenticate header */ |
| 253 | if (skip_iprefix_mem(ptr, size, "www-authenticate:", &val, &val_len)) { |
| 254 | strbuf_add(&buf, val, val_len); |
| 255 | |
| 256 | /* |
| 257 | * Strip the CRLF that should be present at the end of each |
| 258 | * field as well as any trailing or leading whitespace from the |
| 259 | * value. |
| 260 | */ |
| 261 | strbuf_trim(&buf); |
| 262 | |
| 263 | strvec_push(values, buf.buf); |
| 264 | http_auth.header_is_last_match = 1; |
| 265 | goto exit; |
| 266 | } |
| 267 | |
| 268 | /* |
| 269 | * This line could be a continuation of the previously matched header |
| 270 | * field. If this is the case then we should append this value to the |
| 271 | * end of the previously consumed value. |
| 272 | */ |
| 273 | if (http_auth.header_is_last_match && is_hdr_continuation(ptr, size)) { |
| 274 | /* |
| 275 | * Trim the CRLF and any leading or trailing from this line. |
| 276 | */ |
| 277 | strbuf_add(&buf, ptr, size); |
nothing calls this directly
no test coverage detected