[vlc-devel] [PATCH 1/3] Audioscrobbler: Update the handshake protocol to the version 2.0.
Rémi Duraffort
ivoire at videolan.org
Mon Feb 27 11:20:06 CET 2012
Hello,
same remark as ILEoo,
> +/*****************************************************************************
> + * BuildApiSig: generate the api signature
> + *****************************************************************************/
> +static char *BuildApiSig(vlc_array_t *p_params, const char *psz_api_secret)
> +{
[...]
> + i_len += 32; /* md5 hash of the api secret */
> +
> + psz_api_sig = malloc(i_len);
> + if (!psz_api_sig)
> + return NULL;
> +
> + /* build the api signature */
> + p_param = p_params->pp_elems[0];
> + sprintf(psz_api_sig, "%s%s", p_param->key, p_param->val);
> +
> + for (i = 1; i < p_params->i_count; i++)
> + {
> + p_param = p_params->pp_elems[i];
> + strcat(psz_api_sig, p_param->key);
> + strcat(psz_api_sig, p_param->val);
> + }
> +
> + /* concatenate the api secret key */
> + strcat(psz_api_sig, psz_api_secret);
If I read it correctly, you assume that psz_api_secret is of size 32 ?
As this is controled by the user it should be checked.
> +
> + /* generate a md5 hash of the api signature */
> + InitMD5(&p_struct_md5);
> + AddMD5(&p_struct_md5, (uint8_t*) psz_api_sig, strlen(psz_api_sig));
You should already know that size (no need to recompute the strlen).
Regards
--
Rémi Duraffort | ivoire
http://ivoire.dinauz.org/blog/
More information about the vlc-devel
mailing list