
[libmicrohttpd] branch master updated (06336118 -> 76b68f65)


From: gnunet
Subject: [libmicrohttpd] branch master updated (06336118 -> 76b68f65)
Date: Sun, 01 May 2022 16:08:46 +0200

This is an automated email from the git hooks/post-receive script.

karlson2k pushed a change to branch master
in repository libmicrohttpd.

    from 06336118 digestauth: do not add nonce from client, if it was not 
generated by MHD
     new f84c4d60 microhttpd.h: fixed list of required types
     new d6db60e3 digestauth: when checking 'nc' reuse always check nonce match 
first
     new 303cc226 struct MHD_NonceNc: improved doxy
     new 628a28d6 check_nonce_nc(): simplified
     new a3527f08 check_nonce_nc(): improved readability, fixed comments
     new 8457dfc7 check_nonce_nc(): moved 'nc' overflow check out of mutex lock
     new f4734624 check_nonce_nc(): fixed missing set of the bit for the old 
'nc' value
     new c0bb909f check_nonce_nc(): additionally improved readability, fixed 
comments
     new 76b68f65 check_nonce_nc(): sorted checks according to probability

The 9 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 src/include/microhttpd.h    |  8 ++---
 src/microhttpd/digestauth.c | 88 +++++++++++++++++++++++++--------------------
 src/microhttpd/internal.h   |  8 +++--
 3 files changed, 59 insertions(+), 45 deletions(-)

diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
index 8f89eba0..f209587b 100644
--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -96,12 +96,12 @@ extern "C"
  * they are parsed as decimal numbers.
  * Example: 0x01093001 = 1.9.30-1.
  */
-#define MHD_VERSION 0x00097510
+#define MHD_VERSION 0x00097511
 
 /* If generic headers don't work on your platform, include headers
-   which define 'va_list', 'size_t', 'ssize_t', 'intptr_t',
-   'uint16_t', 'uint32_t', 'uint64_t', 'int64_t', 'off_t', 'struct sockaddr',
-   'socklen_t', 'fd_set' and "#define MHD_PLATFORM_H" before
+   which define 'va_list', 'size_t', 'ssize_t', 'intptr_t', 'off_t',
+   'uint8_t', 'uint16_t', 'int32_t', 'uint32_t', 'int64_t', 'uint64_t',
+   'struct sockaddr', 'socklen_t', 'fd_set' and "#define MHD_PLATFORM_H" before
    including "microhttpd.h". Then the following "standard"
    includes won't be used (which might be a good idea, especially
    on platforms where they do not exist).
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index 943f1eb5..78db203e 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -559,7 +559,8 @@ add_nonce (struct MHD_Connection *connection,
   MHD_mutex_lock_chk_ (&daemon->nnc_lock);
   memcpy (nn->nonce,
           nonce,
-          noncelen + 1);
+          noncelen);
+  nn->nonce[noncelen] = 0;
   nn->nc = 0;
   nn->nmask = 0;
   MHD_mutex_unlock_chk_ (&daemon->nnc_lock);
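Review bot: The new store `nn->nonce[noncelen] = 0;` indexes the slot buffer with a caller-supplied length, and nothing in this hunk bounds `noncelen`. check_nonce_nc() explicitly rejects `MAX_NONCE_LENGTH < noncelen`; if add_nonce() does not already do the same above the hunk, add that guard or at least `mhd_assert (MAX_NONCE_LENGTH >= noncelen);` before taking the lock. The function starts and ends outside the hunk, so an existing check may simply not be visible here.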
@@ -577,7 +578,7 @@ add_nonce (struct MHD_Connection *connection,
  * @param nc The nonce counter, zero to add the nonce to the array
  * @return #MHD_YES if successful, #MHD_NO if invalid (or we have no NC array)
  */
-static enum MHD_Result
+static bool
 check_nonce_nc (struct MHD_Connection *connection,
                 const char *nonce,
                 size_t noncelen,
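Review bot: The doxygen block above the signature is now out of date: the function returns `bool`, but the comment still reads `@return #MHD_YES if successful, #MHD_NO if invalid`. Suggest `@return 'true' if the nonce matches and 'nc' was not used before, 'false' otherwise (or if there is no NC array)`. The `@param nc` text "zero to add the nonce to the array" also looks stale, since the body asserts `0 != nc` (visible in the next hunk). The comment block and the parameter list both continue outside this hunk.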
@@ -587,20 +588,21 @@ check_nonce_nc (struct MHD_Connection *connection,
   struct MHD_NonceNc *nn;
   uint32_t off;
   uint32_t mod;
-  enum MHD_Result ret;
-  bool stale;
+  bool ret;
 
-  stale = false;
   mhd_assert (noncelen != strlen (nonce));
   mhd_assert (0 != nc);
   if (MAX_NONCE_LENGTH < noncelen)
-    return MHD_NO; /* This should be impossible, but static analysis
+    return false; /* This should be impossible, but static analysis
                       tools have a hard time with it *and* this also
                       protects against unsafe modifications that may
                       happen in the future... */
   mod = daemon->nonce_nc_size;
   if (0 == mod)
-    return MHD_NO; /* no array! */
+    return false;  /* no array! */
+  if (nc + 64 < nc)
+    return false;  /* Overflow, unrealistically high value */
+
   /* HT lookup in nonce array */
   off = fast_simple_hash ((const uint8_t *) nonce, noncelen) % mod;
   /*
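Review bot: The context line `mhd_assert (noncelen != strlen (nonce));` looks inverted. The hash on the last code line here and the new `memcmp`/terminator comparison in the following hunk both treat `nonce` as exactly `noncelen` bytes, so if callers pass a NUL-terminated nonce the intended invariant is presumably `mhd_assert (noncelen == strlen (nonce));`, and as written a build with assertions enabled would trip on every valid call. If the buffer is deliberately not terminated at `noncelen`, the assert should be dropped instead, because `strlen` would then read past the nonce. The function body continues outside the hunk.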
@@ -612,43 +614,52 @@ check_nonce_nc (struct MHD_Connection *connection,
 
   MHD_mutex_lock_chk_ (&daemon->nnc_lock);
 
-  /* Note that we use 64 here, as we do not store the
-     bit for 'nn->nc' itself in 'nn->nmask' */
-  if ( (nc < nn->nc) &&
-       (nc + 64 > nc /* checking for overflow */) &&
-       (nc + 64 >= nn->nc) &&
-       (0 == ((1LLU << (nn->nc - nc - 1)) & nn->nmask)) )
-  {
-    /* Out-of-order nonce, but within 64-bit bitmask, set bit */
-    nn->nmask |= (1LLU << (nn->nc - nc - 1));
-    ret = MHD_YES;
-  }
-  else if ( (nc <= nn->nc) ||
-            (0 != strcmp (nn->nonce,
-                          nonce)) )
-  {
-    /* Nonce does not match, fail */
-    stale = true;
-    ret = MHD_NO;
-  }
-  else
+  if ( (0 != memcmp (nn->nonce, nonce, noncelen)) ||
+       (0 != nn->nonce[noncelen]) )
+    ret = false;     /* Nonce does not match, fail */
+  else if (nc > nn->nc)
   {
-    /* Nonce is larger, shift bitmask and bump limit */
-    if (64 > nc - nn->nc)
-      nn->nmask <<= (nc - nn->nc);  /* small jump, less than mask width */
+    /* 'nc' is larger, shift bitmask and bump limit */
+    const uint64_t jump_size = nc - nn->nc;
+    if (64 > jump_size)
+    {
+      /* small jump, less than mask width */
+      nn->nmask <<= jump_size;
+      /* Set bit for the old 'nc' value */
+      nn->nmask |= (UINT64_C (1) << (jump_size - 1));
+    }
+    else if (64 == jump_size)
+      nn->nmask = (UINT64_C (1) << 63);
     else
       nn->nmask = 0;                /* big jump, unset all bits in the mask */
     nn->nc = nc;
-    ret = MHD_YES;
+    ret = true;
   }
+  else if (nc < nn->nc)
+  {
+    /* Note that we use 64 here, as we do not store the
+       bit for 'nn->nc' itself in 'nn->nmask' */
+    if ( (nc + 64 >= nn->nc) &&
+         (0 == ((UINT64_C (1) << (nn->nc - nc - 1)) & nn->nmask)) )
+    {
+      /* Out-of-order nonce, but within 64-bit bitmask, set bit */
+      nn->nmask |= (UINT64_C (1) << (nn->nc - nc - 1));
+      ret = true;
+    }
+    else
+      /* 'nc' was already used or too old (more then 64 values ago) */
+      ret = false;
+  }
+  else /* if (nc == nn->nc) */
+    /* 'nc' was already used */
+    ret = false;
+
   MHD_mutex_unlock_chk_ (&daemon->nnc_lock);
 #ifdef HAVE_MESSAGES
-  if (stale)
+  if (! ret)
     MHD_DLOG (daemon,
               _ ("Stale nonce received. If this happens a lot, you should "
                  "probably increase the size of the nonce array.\n"));
-#else
-  (void) stale; /* Mute compiler warning */
 #endif
   return ret;
 }
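Review bot: The `if (! ret)` guard on the log call reports every rejection under the lock as "Stale nonce received ... increase the size of the nonce array", including the branches where the nonce matched and only the 'nc' value was reused or fell outside the 64-value window. Those cases mean different things to an operator: a slot mismatch points at table sizing, while a repeated 'nc' on a matching nonce is what a replayed request looks like, and enlarging the array does nothing for it. Consider keeping a separate flag that is set only in the `memcmp` mismatch branch for the existing message, and logging the reused or too-old 'nc' rejections with their own text. Minor: the new comment reads "more then 64", which should be "more than 64". The start of the function is outside this hunk.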
@@ -1075,11 +1086,10 @@ digest_auth_check_all (struct MHD_Connection 
*connection,
    * and not a replay attack attempt. Refuse if nonce was not
    * generated previously.
    */
-  if (MHD_NO ==
-      check_nonce_nc (connection,
-                      nonce,
-                      nonce_len,
-                      nci))
+  if (! check_nonce_nc (connection,
+                        nonce,
+                        nonce_len,
+                        nci))
   {
     return MHD_NO;
   }
diff --git a/src/microhttpd/internal.h b/src/microhttpd/internal.h
index fc8ec0c6..fdfcb0d2 100644
--- a/src/microhttpd/internal.h
+++ b/src/microhttpd/internal.h
@@ -252,13 +252,17 @@ struct MHD_NonceNc
 
   /**
    * Nonce counter, a value that increases for each subsequent
-   * request for the same nonce.
+   * request for the same nonce. Matches the largest last received
+   * 'nc' value.
+   * This 'nc' value was already used by the client.
    */
   uint64_t nc;
 
   /**
-   * Bitmask over the nc-64 previous nonce values.  Used to
+   * Bitmask over the the previous 64 nonce values (down to to nc-64).  Used to
    * allow out-of-order nonces.
+   * If bit in the bitmask is set to one, then this 'nc' value was already used
+   * by the client.
    */
   uint64_t nmask;
 
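Review bot: The new doxygen text for `nmask` has doubled words ("the the previous", "down to to nc-64") and still says "nonce values" where it means 'nc' values. It would also help to state the bit layout that check_nonce_nc() relies on, e.g. `Bit N is set if the value 'nc' - N - 1 was already used by the client.` For `nc`, "Matches the largest last received 'nc' value" reads more clearly as "Holds the largest 'nc' value received so far". The struct starts and ends outside the hunk.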

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


