[libmicrohttpd] 08/20: digestauth: added log messages if realm is reject
From: gnunet
Subject: [libmicrohttpd] 08/20: digestauth: added log messages if realm is rejected due to its size
Date: Mon, 15 Aug 2022 20:38:34 +0200
This is an automated email from the git hooks/post-receive script.
karlson2k pushed a commit to branch master
in repository libmicrohttpd.
commit 7d2bf243107fb53a36f345bfd933af207c2e7823
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
AuthorDate: Sun Aug 14 21:56:07 2022 +0300
digestauth: added log messages if realm is rejected due to its size
---
src/microhttpd/digestauth.c | 24 ++++++++++++++++++++++--
1 file changed, 22 insertions(+), 2 deletions(-)
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index 2ff3cd7f..7d0719ba 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -2115,7 +2115,7 @@ digest_auth_check_all_inner (struct MHD_Connection
*connection,
return MHD_DAUTH_WRONG_REALM;
else if (((NULL == userdigest) || params->userhash) &&
(_MHD_AUTH_DIGEST_MAX_PARAM_SIZE < params->realm.value.len))
- return MHD_DAUTH_TOO_LARGE; /* Realm is too large and it will be used in
hash calculations */
+ return MHD_DAUTH_TOO_LARGE; /* Realm is too large and should be used in
hash calculations */
if (MHD_DIGEST_AUTH_QOP_NONE != c_qop)
{
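Review bot: the reworded comment on the `return MHD_DAUTH_TOO_LARGE;` line ("Realm is too large and should be used in hash calculations") is less clear than the wording it replaces. Suggest stating the reason directly, for example that the realm has to be hashed whenever `userdigest` is NULL or `params->userhash` is set, so an oversized value cannot be processed. This rejection also stays silent, while the two other realm size rejections in this commit gain an `MHD_DLOG` call; either log here as well or say in the commit message why this path does not need it.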
@@ -2954,7 +2954,13 @@ MHD_queue_auth_required_response3 (struct MHD_Connection
*connection,
/* 'realm="xxxx", ' */
realm_len = strlen (realm);
if (_MHD_AUTH_DIGEST_MAX_PARAM_SIZE < realm_len)
+ {
+#ifdef HAVE_MESSAGES
+ MHD_DLOG (connection->daemon,
+ _ ("The 'realm' is too large.\n"));
+#endif /* HAVE_MESSAGES */
return MHD_NO;
+ }
if ((NULL != memchr (realm, '\r', realm_len)) ||
(NULL != memchr (realm, '\n', realm_len)))
return MHD_NO;
@@ -3034,7 +3040,21 @@ MHD_queue_auth_required_response3 (struct MHD_Connection
*connection,
MHD_STATICSTR_LEN_ (prefix_realm));
p += MHD_STATICSTR_LEN_ (prefix_realm);
mhd_assert ((buf_size - p) >= (realm_len * 2));
- p += MHD_str_quote (realm, realm_len, buf + p, buf_size - p);
+ if (1)
+ {
+ size_t quoted_size;
+ quoted_size = MHD_str_quote (realm, realm_len, buf + p, buf_size - p);
+ if (_MHD_AUTH_DIGEST_MAX_PARAM_SIZE < quoted_size)
+ {
+#ifdef HAVE_MESSAGES
+ MHD_DLOG (connection->daemon,
+ _ ("The 'realm' is too large after 'quoting'.\n"));
+#endif /* HAVE_MESSAGES */
+ free (buf);
+ return MHD_NO;
+ }
+ p += quoted_size;
+ }
buf[p++] = '\"';
buf[p++] = ',';
buf[p++] = ' ';
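Review bot: `if (1)` is used here only to open a scope for `quoted_size`; a bare `{ ... }` block, or declaring `quoted_size` with the function's other locals, says the same thing without a constant condition that static analyzers tend to flag. Note also that the `_MHD_AUTH_DIGEST_MAX_PARAM_SIZE < quoted_size` check runs after `MHD_str_quote` has already written into `buf`, so memory safety rests on the buffer sizing asserted on the `mhd_assert ((buf_size - p) >= (realm_len * 2));` line above; a one-line comment saying that this check enforces the protocol limit and is not the bounds check would prevent misreading. The `free (buf);` before `return MHD_NO;` is correct for this early exit.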
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.