[libmicrohttpd] 04/09: check_nonce

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[libmicrohttpd] 04/09: check_nonce_nc(): simplified

From:	gnunet
Subject:	[libmicrohttpd] 04/09: check_nonce_nc(): simplified
Date:	Sun, 01 May 2022 16:08:50 +0200

This is an automated email from the git hooks/post-receive script.

karlson2k pushed a commit to branch master
in repository libmicrohttpd.

commit 628a28d6072acdfccf6237eca6743ac0caf7e921
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
AuthorDate: Sun May 1 15:34:25 2022 +0300

    check_nonce_nc(): simplified
    
    If 'nc' is not valid, then 'nonce' is always stale as 'nonce' validity
    has been checked already.
---
 src/microhttpd/digestauth.c | 39 +++++++++++++--------------------------
 1 file changed, 13 insertions(+), 26 deletions(-)

diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index ff13cf09..81e50785 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -578,7 +578,7 @@ add_nonce (struct MHD_Connection *connection,
  * @param nc The nonce counter, zero to add the nonce to the array
  * @return #MHD_YES if successful, #MHD_NO if invalid (or we have no NC array)
  */
-static enum MHD_Result
+static bool
 check_nonce_nc (struct MHD_Connection *connection,
                 const char *nonce,
                 size_t noncelen,
@@ -588,20 +588,18 @@ check_nonce_nc (struct MHD_Connection *connection,
   struct MHD_NonceNc *nn;
   uint32_t off;
   uint32_t mod;
-  enum MHD_Result ret;
-  bool stale;
+  bool ret;
 
-  stale = false;
   mhd_assert (noncelen != strlen (nonce));
   mhd_assert (0 != nc);
   if (MAX_NONCE_LENGTH < noncelen)
-    return MHD_NO; /* This should be impossible, but static analysis
+    return false; /* This should be impossible, but static analysis
                       tools have a hard time with it *and* this also
                       protects against unsafe modifications that may
                       happen in the future... */
   mod = daemon->nonce_nc_size;
   if (0 == mod)
-    return MHD_NO; /* no array! */
+    return false; /* no array! */
   /* HT lookup in nonce array */
   off = fast_simple_hash ((const uint8_t *) nonce, noncelen) % mod;
   /*
@@ -615,11 +613,7 @@ check_nonce_nc (struct MHD_Connection *connection,
 
   if ( (0 != memcmp (nn->nonce, nonce, noncelen)) ||
        (0 != nn->nonce[noncelen]) )
-  {
-    /* Nonce does not match, fail */
-    stale = true;
-    ret = MHD_NO;
-  }
+    ret = false;     /* Nonce does not match, fail */
   /* Note that we use 64 here, as we do not store the
      bit for 'nn->nc' itself in 'nn->nmask' */
   else if ( (nc < nn->nc) &&
@@ -629,14 +623,10 @@ check_nonce_nc (struct MHD_Connection *connection,
   {
     /* Out-of-order nonce, but within 64-bit bitmask, set bit */
     nn->nmask |= (1LLU << (nn->nc - nc - 1));
-    ret = MHD_YES;
+    ret = true;
   }
   else if (nc <= nn->nc)
-  {
-    /* Nonce does not match, fail */
-    stale = true;
-    ret = MHD_NO;
-  }
+    ret = false; /* Nonce does not match, fail */
   else
   {
     /* Nonce is larger, shift bitmask and bump limit */
@@ -645,16 +635,14 @@ check_nonce_nc (struct MHD_Connection *connection,
     else
       nn->nmask = 0;                /* big jump, unset all bits in the mask */
     nn->nc = nc;
-    ret = MHD_YES;
+    ret = true;
   }
   MHD_mutex_unlock_chk_ (&daemon->nnc_lock);
 #ifdef HAVE_MESSAGES
-  if (stale)
+  if (! ret)
     MHD_DLOG (daemon,
               _ ("Stale nonce received. If this happens a lot, you should "
                  "probably increase the size of the nonce array.\n"));
-#else
-  (void) stale; /* Mute compiler warning */
 #endif
   return ret;
 }
@@ -1081,11 +1069,10 @@ digest_auth_check_all (struct MHD_Connection 
*connection,
    * and not a replay attack attempt. Refuse if nonce was not
    * generated previously.
    */
-  if (MHD_NO ==
-      check_nonce_nc (connection,
-                      nonce,
-                      nonce_len,
-                      nci))
+  if (! check_nonce_nc (connection,
+                        nonce,
+                        nonce_len,
+                        nci))
   {
     return MHD_NO;
   }

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.

[Prev in Thread]

Current Thread

[Next in Thread]

[libmicrohttpd] branch master updated (06336118 -> 76b68f65), gnunet, 2022/05/01
- [libmicrohttpd] 04/09: check_nonce_nc(): simplified, gnunet <=
- [libmicrohttpd] 01/09: microhttpd.h: fixed list of required types, gnunet, 2022/05/01
- [libmicrohttpd] 02/09: digestauth: when checking 'nc' reuse always check nonce match first, gnunet, 2022/05/01
- [libmicrohttpd] 03/09: struct MHD_NonceNc: improved doxy, gnunet, 2022/05/01
- [libmicrohttpd] 07/09: check_nonce_nc(): fixed missing set of the bit for the old 'nc' value, gnunet, 2022/05/01
- [libmicrohttpd] 06/09: check_nonce_nc(): moved 'nc' overflow check out of mutex lock, gnunet, 2022/05/01
- [libmicrohttpd] 05/09: check_nonce_nc(): improved readability, fixed comments, gnunet, 2022/05/01
- [libmicrohttpd] 09/09: check_nonce_nc(): sorted checks according to probability, gnunet, 2022/05/01
- [libmicrohttpd] 08/09: check_nonce_nc(): additionally improved readability, fixed comments, gnunet, 2022/05/01

Prev by Date: [lsd0001] branch master updated: only if
Next by Date: [libmicrohttpd] 01/09: microhttpd.h: fixed list of required types
Previous by thread: [libmicrohttpd] branch master updated (06336118 -> 76b68f65)
Next by thread: [libmicrohttpd] 01/09: microhttpd.h: fixed list of required types
Index(es):
- Date
- Thread