X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=fastcgi%2Fshibresponder.cpp;h=32afe8e88f483bb0f21015d3be800b46996d2922;hb=HEAD;hp=27091870cd38b4f43af49a2ce427f3f8d45e2982;hpb=db2b0568bef31c09a03238005c6871d1ab8637b5;p=shibboleth%2Fcpp-sp.git diff --git a/fastcgi/shibresponder.cpp b/fastcgi/shibresponder.cpp index 2709187..32afe8e 100644 --- a/fastcgi/shibresponder.cpp +++ b/fastcgi/shibresponder.cpp @@ -72,7 +72,7 @@ class ShibTargetFCGI : public AbstractSPRequest public: ShibTargetFCGI(FCGX_Request* req, char* post_data, const char* scheme=nullptr, const char* hostname=nullptr, int port=0) - : AbstractSPRequest(SHIBSP_LOGCAT".FastCGI"), m_req(req), m_body(post_data) { + : AbstractSPRequest(SHIBSP_LOGCAT ".FastCGI"), m_req(req), m_body(post_data) { const char* server_name_str = hostname; if (!server_name_str || !*server_name_str) @@ -150,11 +150,13 @@ public: void setResponseHeader(const char* name, const char* value) { HTTPResponse::setResponseHeader(name, value); - // Set for later. - if (value) - m_headers.insert(make_pair(name,value)); - else - m_headers.erase(name); + if (name) { + // Set for later. + if (value) + m_headers.insert(make_pair(name,value)); + else + m_headers.erase(name); + } } const char* getQueryString() const { @@ -192,8 +194,8 @@ public: string hdr=string("Status: 302 Please Wait\r\nLocation: ") + url + "\r\n" "Content-Type: text/html\r\n" "Content-Length: 40\r\n" - "Expires: 01-Jan-1997 12:00:00 GMT\r\n" - "Cache-Control: private,no-store,no-cache\r\n"; + "Expires: Wed, 01 Jan 1997 12:00:00 GMT\r\n" + "Cache-Control: private,no-store,no-cache,max-age=0\r\n"; for (multimap::const_iterator i=m_headers.begin(); i!=m_headers.end(); ++i) hdr += i->first + ": " + i->second + "\r\n"; hdr += "\r\n"; @@ -248,10 +250,11 @@ static long gstdin(FCGX_Request* request, char** content) if (clen > STDIN_MAX) clen = STDIN_MAX; - *content = new char[clen]; + *content = new char[clen + 1]; cin.read(*content, clen); clen = cin.gcount(); + (*content)[clen] = 0; } else { // *never* read stdin when CONTENT_LENGTH is missing or unparsable @@ -343,8 +346,9 @@ int main(void) // Although FastCGI supports writing before reading, // many http clients (browsers) don't support it (so // the connection deadlocks until a timeout expires!). - char* content; + char* content = nullptr; gstdin(&request, &content); + auto_arrayptr wrapper(content); try { xmltooling::NDC ndc("FastCGI shibresponder"); @@ -384,8 +388,6 @@ int main(void) print_error("FastCGI Shibboleth responder caught an exception, check log for details."); } - delete[] content; - // If the output streambufs had non-zero bufsizes and // were constructed outside of the accept loop (i.e. // their destructor won't be called here), they would