diff options
| author | dequis <dx@dxzone.com.ar> | 2014-11-24 02:16:09 -0300 |
|---|---|---|
| committer | dequis <dx@dxzone.com.ar> | 2014-11-24 02:16:09 -0300 |
| commit | b38d399811a556b07a088ec05b947e56397e557b (patch) | |
| tree | 2a7996e3f726f7403d8f626119d0d015ea1290bc /lib/oauth.c | |
| parent | e2472ddb562e9118ed607b5938c7797af6a79e0c (diff) | |
Use glib functions for base64 decoding/encoding
This fixes several coverity warnings about 'tainted data index sink' and
a fixme about thread safety in the old base64_decode implementation.
Had to adapt the code that used base64_encode_real:
- oauth.c: different character set order, but it's for the nonce so it
doesn't matter
- libyahoo2.c: used as part of the auth, changes "+/=" into "._-".
Fixed by encoding first the usual way through glib, then replacing.
Diffstat (limited to 'lib/oauth.c')
| -rw-r--r-- | lib/oauth.c | 7 |
1 files changed, 1 insertions, 6 deletions
diff --git a/lib/oauth.c b/lib/oauth.c index b18949f4..6bf8e4e0 100644 --- a/lib/oauth.c +++ b/lib/oauth.c @@ -75,13 +75,8 @@ static char *oauth_sign( const char *method, const char *url, static char *oauth_nonce() { unsigned char bytes[21]; - char *ret = g_new0( char, sizeof( bytes) / 3 * 4 + 1 ); - random_bytes( bytes, sizeof( bytes ) ); - base64_encode_real( bytes, sizeof( bytes), (unsigned char*) ret, "0123456789" - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0A" ); - - return ret; + return base64_encode( bytes, sizeof( bytes ) ); } void oauth_params_add( GSList **params, const char *key, const char *value ) |