From 013c4aee3af3c524f97f33b8be121005dc89715c Mon Sep 17 00:00:00 2001
From: Daniel Lenski
Date: Thu, 10 Jun 2021 15:45:08 -0700
Subject: [PATCH] Fix Fortinet realm name extraction
1. We were inadvertently capturing 6 characters following the 'realm' parameter in the query string (e.g. '&lang='). Fix and include extra parameters in tests to verify.
2. Add another comment about how the 'realm' field is saved in URL-escaped form, and test to verify.
Signed-off-by: Daniel Lenski
---
 fortinet.c | 2 +-
 tests/fake-fortinet-server.py | 2 +-
 tests/fortinet-auth-and-config | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/fortinet.c b/fortinet.c
index d7ce369d..75b17813 100644
--- a/fortinet.c
+++ b/fortinet.c
@@ -124,7 +124,7 @@ int fortinet_obtain_cookie(struct openconnect_info *vpninfo)
 for (realm = strchr(vpninfo->urlpath, '?'); realm && *++realm; realm=strchr(realm, '&')) {
 if (!strncmp(realm, "realm=", 6)) {
 const char *end = strchrnul(realm+1, '&');
- realm = strndup(realm+6, end-realm);
+ realm = strndup(realm+6, end-realm-6);
 vpn_progress(vpninfo, PRG_INFO, _("Got login realm '%s'\n"), realm);
 break;
 }
diff --git a/tests/fake-fortinet-server.py b/tests/fake-fortinet-server.py
index 8dd636fb..07079bfa 100755
--- a/tests/fake-fortinet-server.py
+++ b/tests/fake-fortinet-server.py
@@ -90,7 +90,7 @@ def realm(realm=None):
 session.update(step='GET-realm', want_2fa=int(request.args.get('want_2fa', 0)))
 # print(session)
 if realm:
- return redirect(url_for('login', realm=realm))
+ return redirect(url_for('login', realm=realm, lang='en'))
 else:
 return login()
diff --git a/tests/fortinet-auth-and-config b/tests/fortinet-auth-and-config
index e569bebd..32c1cb43 100755
--- a/tests/fortinet-auth-and-config
+++ b/tests/fortinet-auth-and-config
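Review bot: The result of `strndup()` goes straight into the `%s` of `vpn_progress()` without a NULL check, so an allocation failure hands a null pointer to the format call and to whatever reads `realm` after the loop. A guard directly after the `strndup` line, such as `if (!realm) return -ENOMEM;` or a jump to the function's own cleanup path (which lies outside this hunk), would close that. Because the loop cursor `realm` is reused for the heap copy, a query string with no `realm=` parameter can leave it pointing into `vpninfo->urlpath` instead of at allocated memory, so any later `free(realm)` has to tell the two cases apart; that code is not visible here. The commit message says the value stays URL-escaped, and a comment at the `strndup` line such as `/* realm is kept URL-escaped, exactly as it appeared in the query string */` would stop later callers from escaping it a second time.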
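Review bot: Nothing at this redirect says why `lang='en'` is there, and the regression it guards only triggers when another parameter follows `realm` in the generated query string. A comment above the `return redirect(...)` line, for example `# extra 'lang' parameter checks that the client's realm parser stops at the next '&'`, would keep it from being removed as dead weight. The order in which `url_for` emits extra keyword arguments is presumably insertion order, but that is worth confirming for the Flask/Werkzeug version used in CI, because `lang` sorting ahead of `realm` would silently stop exercising the bug. The body of `realm()` starts above the hunk, and whether the `login` view checks the realm it receives is not visible here.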
@@ -60,7 +60,7 @@ echo -n "Authenticating with username/password/(2 round of token) and DEFAULT pa
 echo ok
 echo -n "Authenticating with username/password/token and NON-DEFAULT path... "
-( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --protocol=fortinet -q $ADDRESS:443/fakeRealm?want_2fa=1 -u test --token-mode=totp --token-secret=FAKE $FINGERPRINT --pfs --cookieonly >/dev/null 2>&1) ||
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --protocol=fortinet -q $ADDRESS:443/fake+Realm?want_2fa=1 -u test --token-mode=totp --token-secret=FAKE $FINGERPRINT --pfs --cookieonly --dump) ||
 fail $PID "Could not receive cookie from fake Fortinet server"
 echo ok
-- 2.49.0
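Review bot: The replacement command drops `>/dev/null 2>&1` and adds `--dump`, so this one invocation now writes the HTTP exchange, presumably including the posted password and the returned cookie, into the test log, whereas the removed line was silenced. The values are fake here, but the line reads like leftover debugging and is a pattern that could be copied into runs against real gateways. Restoring the redirect as `... --cookieonly >/dev/null 2>&1) ||` keeps the realm change without the traffic dump. If the dump is intended, spell the option out in full (`--dump-http-traffic`, if that is what `--dump` abbreviates) and add a comment saying why. The test still only checks that a cookie comes back, so a comment such as `# 'fake+Realm' exercises a realm that must be passed through in URL-escaped form` would document what the new path is for.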