-/*
- * Copyright 2001-2010 Internet2
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
*
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
+ * License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
*/
/* shibresponder.cpp - Shibboleth FastCGI Responder/Handler
string hdr=string("Status: 302 Please Wait\r\nLocation: ") + url + "\r\n"
"Content-Type: text/html\r\n"
"Content-Length: 40\r\n"
- "Expires: 01-Jan-1997 12:00:00 GMT\r\n"
- "Cache-Control: private,no-store,no-cache\r\n";
+ "Expires: Wed, 01 Jan 1997 12:00:00 GMT\r\n"
+ "Cache-Control: private,no-store,no-cache,max-age=0\r\n";
for (multimap<string,string>::const_iterator i=m_headers.begin(); i!=m_headers.end(); ++i)
hdr += i->first + ": " + i->second + "\r\n";
hdr += "\r\n";
if (clen > STDIN_MAX)
clen = STDIN_MAX;
- *content = new char[clen];
+ *content = new char[clen + 1];
cin.read(*content, clen);
clen = cin.gcount();
+ (*content)[clen] = 0;
}
else {
// *never* read stdin when CONTENT_LENGTH is missing or unparsable
// Although FastCGI supports writing before reading,
// many http clients (browsers) don't support it (so
// the connection deadlocks until a timeout expires!).
- char* content;
+ char* content = nullptr;
gstdin(&request, &content);
+ auto_arrayptr<char> wrapper(content);
try {
xmltooling::NDC ndc("FastCGI shibresponder");
print_error("<html><body>FastCGI Shibboleth responder caught an exception, check log for details.</body></html>");
}
- delete[] content;
-
// If the output streambufs had non-zero bufsizes and
// were constructed outside of the accept loop (i.e.
// their destructor won't be called here), they would