From b38d399811a556b07a088ec05b947e56397e557b Mon Sep 17 00:00:00 2001 From: dequis Date: Mon, 24 Nov 2014 02:16:09 -0300 Subject: Use glib functions for base64 decoding/encoding This fixes several coverity warnings about 'tainted data index sink' and a fixme about thread safety in the old base64_decode implementation. Had to adapt the code that used base64_encode_real: - oauth.c: different character set order, but it's for the nonce so it doesn't matter - libyahoo2.c: used as part of the auth, changes "+/=" into "._-". Fixed by encoding first the usual way through glib, then replacing. --- lib/oauth.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'lib/oauth.c') diff --git a/lib/oauth.c b/lib/oauth.c index b18949f4..6bf8e4e0 100644 --- a/lib/oauth.c +++ b/lib/oauth.c @@ -75,13 +75,8 @@ static char *oauth_sign( const char *method, const char *url, static char *oauth_nonce() { unsigned char bytes[21]; - char *ret = g_new0( char, sizeof( bytes) / 3 * 4 + 1 ); - random_bytes( bytes, sizeof( bytes ) ); - base64_encode_real( bytes, sizeof( bytes), (unsigned char*) ret, "0123456789" - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0A" ); - - return ret; + return base64_encode( bytes, sizeof( bytes ) ); } void oauth_params_add( GSList **params, const char *key, const char *value ) -- cgit v1.2.3