gnunet-svn

[libmicrohttpd] 02/09: digestauth: when checking 'nc' reuse always check


From: gnunet
Subject: [libmicrohttpd] 02/09: digestauth: when checking 'nc' reuse always check nonce match first
Date: Sun, 01 May 2022 16:08:48 +0200

This is an automated email from the git hooks/post-receive script.

karlson2k pushed a commit to branch master
in repository libmicrohttpd.

commit d6db60e373525134d4a71e8796c5748bf497829a
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
AuthorDate: Sun May 1 15:04:45 2022 +0300

    digestauth: when checking 'nc' reuse always check nonce match first
    
    While the validity of nonce itself was already checked, it could be stale
    nonce, so let's make sure that re-use of 'nc' is limited to the same
    nonce only.
---
 src/microhttpd/digestauth.c | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index 943f1eb5..ff13cf09 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -559,7 +559,8 @@ add_nonce (struct MHD_Connection *connection,
   MHD_mutex_lock_chk_ (&daemon->nnc_lock);
   memcpy (nn->nonce,
           nonce,
-          noncelen + 1);
+          noncelen);
+  nn->nonce[noncelen] = 0;
   nn->nc = 0;
   nn->nmask = 0;
   MHD_mutex_unlock_chk_ (&daemon->nnc_lock);
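
Review bot: The new write `nn->nonce[noncelen] = 0;` in add_nonce() indexes the slot buffer at noncelen, yet nothing in the visible lines bounds noncelen against the size of nn->nonce. The copy no longer depends on the caller's buffer being NUL-terminated, which is good, but an assertion or explicit check that noncelen is smaller than sizeof (nn->nonce), placed before the lock is taken, would make the invariant visible here and would fail early if a caller ever passes a longer nonce.
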
@@ -612,20 +613,25 @@ check_nonce_nc (struct MHD_Connection *connection,
 
   MHD_mutex_lock_chk_ (&daemon->nnc_lock);
 
+  if ( (0 != memcmp (nn->nonce, nonce, noncelen)) ||
+       (0 != nn->nonce[noncelen]) )
+  {
+    /* Nonce does not match, fail */
+    stale = true;
+    ret = MHD_NO;
+  }
   /* Note that we use 64 here, as we do not store the
      bit for 'nn->nc' itself in 'nn->nmask' */
-  if ( (nc < nn->nc) &&
-       (nc + 64 > nc /* checking for overflow */) &&
-       (nc + 64 >= nn->nc) &&
-       (0 == ((1LLU << (nn->nc - nc - 1)) & nn->nmask)) )
+  else if ( (nc < nn->nc) &&
+            (nc + 64 > nc /* checking for overflow */) &&
+            (nc + 64 >= nn->nc) &&
+            (0 == ((1LLU << (nn->nc - nc - 1)) & nn->nmask)) )
   {
     /* Out-of-order nonce, but within 64-bit bitmask, set bit */
     nn->nmask |= (1LLU << (nn->nc - nc - 1));
     ret = MHD_YES;
   }
-  else if ( (nc <= nn->nc) ||
-            (0 != strcmp (nn->nonce,
-                          nonce)) )
+  else if (nc <= nn->nc)
   {
     /* Nonce does not match, fail */
     stale = true;
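
Review bot: The comment "Nonce does not match, fail" on the `else if (nc <= nn->nc)` branch is now wrong, since that branch no longer compares nonces and only rejects an 'nc' value that was already used or is older than the tracked window. Please reword it (for example "'nc' was already used or is too old") so it is not confused with the new first branch, which carries the same comment and is the one that actually handles the mismatch. The new check also reads `nn->nonce[noncelen]` after the memcmp, so it relies on noncelen being smaller than the size of nn->nonce; no such bound is visible in this hunk, and a short note or assertion stating where it is guaranteed would help.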

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


