[libmicrohttpd] 05/06: digestauth: limit nonce-count to uint32

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[libmicrohttpd] 05/06: digestauth: limit nonce-count to uint32_t

From:	gnunet
Subject:	[libmicrohttpd] 05/06: digestauth: limit nonce-count to uint32_t
Date:	Tue, 09 Aug 2022 20:27:16 +0200

This is an automated email from the git hooks/post-receive script.

karlson2k pushed a commit to branch master
in repository libmicrohttpd.

commit 228ddbd181aa6562331f3841649637d73e9d3855
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
AuthorDate: Tue Aug 9 19:59:20 2022 +0300

    digestauth: limit nonce-count to uint32_t
---
 src/microhttpd/digestauth.c | 6 +++---
 src/microhttpd/internal.h   | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index d35a87a7..e9a7e35f 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -590,7 +590,7 @@ check_nonce_nc (struct MHD_Connection *connection,
   mod = daemon->nonce_nc_size;
   if (0 == mod)
     return MHD_CHECK_NONCENC_STALE;  /* no array! */
-  if (nc >= UINT64_MAX - 64)
+  if (nc >= UINT32_MAX - 64)
     return MHD_CHECK_NONCENC_STALE;  /* Overflow, unrealistically high value */
 
   nn = &daemon->nnc[get_nonce_nc_idx (mod, nonce, noncelen)];
@@ -649,7 +649,7 @@ check_nonce_nc (struct MHD_Connection *connection,
   else if (nc > nn->nc)
   {
     /* 'nc' is larger, shift bitmask and bump limit */
-    const uint64_t jump_size = nc - nn->nc;
+    const uint32_t jump_size = (uint32_t) nc - nn->nc;
     if (64 > jump_size)
     {
       /* small jump, less than mask width */
@@ -661,7 +661,7 @@ check_nonce_nc (struct MHD_Connection *connection,
       nn->nmask = (UINT64_C (1) << 63);
     else
       nn->nmask = 0;                /* big jump, unset all bits in the mask */
-    nn->nc = nc;
+    nn->nc = (uint32_t) nc;
     ret = MHD_CHECK_NONCENC_OK;
   }
   else if (nc < nn->nc)
diff --git a/src/microhttpd/internal.h b/src/microhttpd/internal.h
index e9ffb28a..e91369ad 100644
--- a/src/microhttpd/internal.h
+++ b/src/microhttpd/internal.h
@@ -268,7 +268,7 @@ struct MHD_NonceNc
    * 'nc' value.
    * This 'nc' value was already used by the client.
    */
-  uint64_t nc;
+  uint32_t nc;
 
   /**
    * Bitmask over the previous 64 nonce counter values (down to to nc-64).

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.

[Prev in Thread]

Current Thread

[Next in Thread]

[libmicrohttpd] branch master updated (bb33e458 -> 9a18a4f8), gnunet, 2022/08/09
- [libmicrohttpd] 04/06: test_auth_parse: added testing of 'userhash' parameter parsing, gnunet, 2022/08/09
- [libmicrohttpd] 01/06: Internal refactoring: moved all request-related members to separate structure, gnunet, 2022/08/09
- [libmicrohttpd] 02/06: Internal refactoring: moved all reply-related members to separate structure, gnunet, 2022/08/09
- [libmicrohttpd] 06/06: test_auth_parse: added check of two auths types parsing in one request, gnunet, 2022/08/09
- [libmicrohttpd] 05/06: digestauth: limit nonce-count to uint32_t, gnunet <=
- [libmicrohttpd] 03/06: gen_auth: added support for two authorization headers in request, gnunet, 2022/08/09

Prev by Date: [libmicrohttpd] branch master updated (bb33e458 -> 9a18a4f8)
Next by Date: [libmicrohttpd] 03/06: gen_auth: added support for two authorization headers in request
Previous by thread: [libmicrohttpd] 06/06: test_auth_parse: added check of two auths types parsing in one request
Next by thread: [libmicrohttpd] 03/06: gen_auth: added support for two authorization headers in request
Index(es):
- Date
- Thread