Using mg_strcasestr() instead of strstr()

2025-08-06 05:26:15 +08:00 · 2013-02-16 14:17:38 +00:00 · 2013-02-16 14:17:38 +00:00 · 0bd43bcae3
commit 0bd43bcae3
parent b809665cad
2 changed files with 27 additions and 4 deletions
--- a/mongoose.c
+++ b/mongoose.c
@ -694,6 +694,18 @@ static char * mg_strdup(const char *str) {
  return mg_strndup(str, strlen(str));
 }

+static const char *mg_strcasestr(const char *big, const char *small) {
+  int i, big_len = strlen(big), small_len = strlen(small);
+
+  for (i = 0; i <= big_len - small_len; i++) {
+    if (mg_strncasecmp(big + i, small, small_len) == 0) {
+      return big + i;
+    }
+  }
+
+  return NULL;
+}
+
 // Like snprintf(), but never returns negative value, or a value
 // that is larger than a supplied buffer.
 // Thanks to Adam Zeldis to pointing snprintf()-caused vulnerability
@ -1716,7 +1728,7 @@ int mg_get_cookie(const struct mg_connection *conn, const char *cookie_name,
    end = s + strlen(s);
    dst[0] = '\0';

-    for (; (s = strstr(s, cookie_name)) != NULL; s += name_len) {
+    for (; (s = mg_strcasestr(s, cookie_name)) != NULL; s += name_len) {
      if (s[name_len] == '=') {
        s += name_len + 1;
        if ((p = strchr(s, ' ')) == NULL)
@ -3839,8 +3851,8 @@ static int is_websocket_request(const struct mg_connection *conn) {

  return host != NULL && upgrade != NULL && connection != NULL &&
    key != NULL && version != NULL &&
-    strstr(upgrade, "websocket") != NULL &&
-    strstr(connection, "Upgrade") != NULL;
+    mg_strcasestr(upgrade, "websocket") != NULL &&
+    mg_strcasestr(connection, "Upgrade") != NULL;
 }
 #endif // !USE_WEBSOCKET

@ -4070,7 +4082,8 @@ int mg_upload(struct mg_connection *conn, const char *destination_dir) {

  // Extract boundary string from the Content-Type header
  if ((content_type_header = mg_get_header(conn, "Content-Type")) == NULL ||
-      (boundary_start = strstr(content_type_header, "boundary=")) == NULL ||
+      (boundary_start = mg_strcasestr(content_type_header,
+                                      "boundary=")) == NULL ||
      (sscanf(boundary_start, "boundary=\"%99[^\"]\"", boundary) == 0 &&
       sscanf(boundary_start, "boundary=%99s", boundary) == 0) ||
      boundary[0] == '\0') {
--- a/test/unit_test.c
+++ b/test/unit_test.c
@ -589,7 +589,17 @@ static void test_url_decode(void) {
  ASSERT(strcmp(buf, "a ") == 0);
 }

+static void test_mg_strcasestr(void) {
+  static const char *big1 = "abcdef";
+  ASSERT(mg_strcasestr("Y", "X") == NULL);
+  ASSERT(mg_strcasestr("Y", "y") != NULL);
+  ASSERT(mg_strcasestr(big1, "X") == NULL);
+  ASSERT(mg_strcasestr(big1, "CD") == big1 + 2);
+  ASSERT(mg_strcasestr("aa", "AAB") == NULL);
+}
+
 int __cdecl main(void) {
+  test_mg_strcasestr();
  test_alloc_vprintf();
  test_base64_encode();
  test_match_prefix();