[libmicrohttpd] 06/12: digestauth: added run-time checks for algo value

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[libmicrohttpd] 06/12: digestauth: added run-time checks for algo value

From:	gnunet
Subject:	[libmicrohttpd] 06/12: digestauth: added run-time checks for algo value
Date:	Wed, 04 May 2022 14:59:40 +0200

This is an automated email from the git hooks/post-receive script.

karlson2k pushed a commit to branch master
in repository libmicrohttpd.

commit 6245c9a0a2d5dadbb87474b36f09a07ec0cf6d26
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
AuthorDate: Wed May 4 14:07:29 2022 +0300

    digestauth: added run-time checks for algo value
---
 src/microhttpd/digestauth.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index c1b5cf2a..f009a6f2 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -1305,6 +1305,8 @@ MHD_digest_auth_check2 (struct MHD_Connection *connection,
   SETUP_DA (algo, da);
 
   mhd_assert (NULL != password);
+  if (0 == da.digest_size)
+    MHD_PANIC (_ ("Wrong algo value.\n")); /* API violation! */
   return digest_auth_check_all (connection,
                                 &da,
                                 realm,
@@ -1344,7 +1346,7 @@ MHD_digest_auth_check_digest2 (struct MHD_Connection 
*connection,
   SETUP_DA (algo, da);
 
   mhd_assert (NULL != digest);
-  if (da.digest_size != digest_size)
+  if ((da.digest_size != digest_size) || (0 == digest_size))
     MHD_PANIC (_ ("Digest size mismatch.\n")); /* API violation! */
   return digest_auth_check_all (connection,
                                 &da,
@@ -1418,6 +1420,9 @@ MHD_queue_auth_fail_response2 (struct MHD_Connection 
*connection,
   int hlen;
   SETUP_DA (algo, da);
 
+  if (0 == da.digest_size)
+    MHD_PANIC (_ ("Wrong algo value.\n")); /* API violation! */
+
   if (NULL == response)
     return MHD_NO;
 

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.

[Prev in Thread]

Current Thread

[Next in Thread]

[libmicrohttpd] branch master updated (76b68f65 -> d031ea8c), gnunet, 2022/05/04
- [libmicrohttpd] 04/12: digestauth: changed type of var, gnunet, 2022/05/04
- [libmicrohttpd] 01/12: internal.h: fixed doxy, gnunet, 2022/05/04
- [libmicrohttpd] 02/12: .gitignore: Updated, gnunet, 2022/05/04
- [libmicrohttpd] 05/12: digestauth: additional assert, gnunet, 2022/05/04
- [libmicrohttpd] 08/12: digestauth: use mseconds for timestamp, gnunet, 2022/05/04
- [libmicrohttpd] 09/12: digestauth: additional macros for readability, gnunet, 2022/05/04
- [libmicrohttpd] 07/12: digestauth: increased timestamp to 48 bits, gnunet, 2022/05/04
- [libmicrohttpd] 06/12: digestauth: added run-time checks for algo value, gnunet <=
- [libmicrohttpd] 11/12: digestauth: added management of nonce-nc map array slots, gnunet, 2022/05/04
- [libmicrohttpd] 03/12: digestauth: use 7 bit shift for fast "hash", gnunet, 2022/05/04
- [libmicrohttpd] 10/12: digestauth: additional static function for code re-use, gnunet, 2022/05/04
- [libmicrohttpd] 12/12: digestauth: re-used static function, gnunet, 2022/05/04

Prev by Date: [libmicrohttpd] 07/12: digestauth: increased timestamp to 48 bits
Next by Date: [libmicrohttpd] 11/12: digestauth: added management of nonce-nc map array slots
Previous by thread: [libmicrohttpd] 07/12: digestauth: increased timestamp to 48 bits
Next by thread: [libmicrohttpd] 11/12: digestauth: added management of nonce-nc map array slots
Index(es):
- Date
- Thread