[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[libmicrohttpd] 05/06: digestauth: limit nonce-count to uint32_t
From: |
gnunet |
Subject: |
[libmicrohttpd] 05/06: digestauth: limit nonce-count to uint32_t |
Date: |
Tue, 09 Aug 2022 20:27:16 +0200 |
This is an automated email from the git hooks/post-receive script.
karlson2k pushed a commit to branch master
in repository libmicrohttpd.
commit 228ddbd181aa6562331f3841649637d73e9d3855
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
AuthorDate: Tue Aug 9 19:59:20 2022 +0300
digestauth: limit nonce-count to uint32_t
---
src/microhttpd/digestauth.c | 6 +++---
src/microhttpd/internal.h | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index d35a87a7..e9a7e35f 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -590,7 +590,7 @@ check_nonce_nc (struct MHD_Connection *connection,
mod = daemon->nonce_nc_size;
if (0 == mod)
return MHD_CHECK_NONCENC_STALE; /* no array! */
- if (nc >= UINT64_MAX - 64)
+ if (nc >= UINT32_MAX - 64)
return MHD_CHECK_NONCENC_STALE; /* Overflow, unrealistically high value */
nn = &daemon->nnc[get_nonce_nc_idx (mod, nonce, noncelen)];
@@ -649,7 +649,7 @@ check_nonce_nc (struct MHD_Connection *connection,
else if (nc > nn->nc)
{
/* 'nc' is larger, shift bitmask and bump limit */
- const uint64_t jump_size = nc - nn->nc;
+ const uint32_t jump_size = (uint32_t) nc - nn->nc;
if (64 > jump_size)
{
/* small jump, less than mask width */
@@ -661,7 +661,7 @@ check_nonce_nc (struct MHD_Connection *connection,
nn->nmask = (UINT64_C (1) << 63);
else
nn->nmask = 0; /* big jump, unset all bits in the mask */
- nn->nc = nc;
+ nn->nc = (uint32_t) nc;
ret = MHD_CHECK_NONCENC_OK;
}
else if (nc < nn->nc)
diff --git a/src/microhttpd/internal.h b/src/microhttpd/internal.h
index e9ffb28a..e91369ad 100644
--- a/src/microhttpd/internal.h
+++ b/src/microhttpd/internal.h
@@ -268,7 +268,7 @@ struct MHD_NonceNc
* 'nc' value.
* This 'nc' value was already used by the client.
*/
- uint64_t nc;
+ uint32_t nc;
/**
* Bitmask over the previous 64 nonce counter values (down to to nc-64).
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
- [libmicrohttpd] branch master updated (bb33e458 -> 9a18a4f8), gnunet, 2022/08/09
- [libmicrohttpd] 04/06: test_auth_parse: added testing of 'userhash' parameter parsing, gnunet, 2022/08/09
- [libmicrohttpd] 01/06: Internal refactoring: moved all request-related members to separate structure, gnunet, 2022/08/09
- [libmicrohttpd] 02/06: Internal refactoring: moved all reply-related members to separate structure, gnunet, 2022/08/09
- [libmicrohttpd] 06/06: test_auth_parse: added check of two auths types parsing in one request, gnunet, 2022/08/09
- [libmicrohttpd] 05/06: digestauth: limit nonce-count to uint32_t,
gnunet <=
- [libmicrohttpd] 03/06: gen_auth: added support for two authorization headers in request, gnunet, 2022/08/09