[libmicrohttpd] branch master updated (0effaaad -> 06336118)

[gnunet]

This is an automated email from the git hooks/post-receive script.

karlson2k pushed a change to branch master
in repository libmicrohttpd.

    from 0effaaad digestauth: moved "hash" calculation to separate function
     new bf9ca173 check_nonce_nc(): use already known nonce size, avoid size 
recalculation
     new fbf3b534 digestauth: added dedicated function for adding the new nonces
     new 06336118 digestauth: do not add nonce from client, if it was not 
generated by MHD

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 src/microhttpd/digestauth.c | 75 ++++++++++++++++++++++++++++++++-------------
 1 file changed, 53 insertions(+), 22 deletions(-)

diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index 25cae280..943f1eb5 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -531,30 +531,68 @@ fast_simple_hash (const uint8_t *data,
 }
 
 
+/**
+ * Add the new nonce to the nonce-nc map array.
+ *
+ * @param connection The MHD connection structure
+ * @param nonce A pointer that referenced a zero-terminated array of nonce
+ * @param noncelen the lenth of @a nonce, in characters
+ * @return #MHD_YES if successful, #MHD_NO if invalid (or we have no NC array)
+ */
+static bool
+add_nonce (struct MHD_Connection *connection,
+           const char *nonce,
+           size_t noncelen)
+{
+  struct MHD_Daemon *const daemon = connection->daemon;
+  unsigned int arr_size;
+  struct MHD_NonceNc *nn;
+
+  mhd_assert (MAX_NONCE_LENGTH >= noncelen);
+  arr_size = daemon->nonce_nc_size;
+  if (0 == arr_size)
+    return false;
+
+  nn = &daemon->nnc[fast_simple_hash ((const uint8_t *) nonce, noncelen)
+                    % arr_size];
+
+  MHD_mutex_lock_chk_ (&daemon->nnc_lock);
+  memcpy (nn->nonce,
+          nonce,
+          noncelen + 1);
+  nn->nc = 0;
+  nn->nmask = 0;
+  MHD_mutex_unlock_chk_ (&daemon->nnc_lock);
+  return true;
+}
+
+
 /**
  * Check nonce-nc map array with either new nonce counter
  * or a whole new nonce.
  *
  * @param connection The MHD connection structure
  * @param nonce A pointer that referenced a zero-terminated array of nonce
+ * @param noncelen the lenth of @a nonce, in characters
  * @param nc The nonce counter, zero to add the nonce to the array
  * @return #MHD_YES if successful, #MHD_NO if invalid (or we have no NC array)
  */
 static enum MHD_Result
 check_nonce_nc (struct MHD_Connection *connection,
                 const char *nonce,
+                size_t noncelen,
                 uint64_t nc)
 {
   struct MHD_Daemon *daemon = connection->daemon;
   struct MHD_NonceNc *nn;
   uint32_t off;
   uint32_t mod;
-  size_t noncelen;
   enum MHD_Result ret;
   bool stale;
 
   stale = false;
-  noncelen = strlen (nonce) + 1;
+  mhd_assert (noncelen != strlen (nonce));
+  mhd_assert (0 != nc);
   if (MAX_NONCE_LENGTH < noncelen)
     return MHD_NO; /* This should be impossible, but static analysis
                       tools have a hard time with it *and* this also
@@ -573,22 +611,13 @@ check_nonce_nc (struct MHD_Connection *connection,
   nn = &daemon->nnc[off];
 
   MHD_mutex_lock_chk_ (&daemon->nnc_lock);
-  if (0 == nc)
-  {
-    /* Fresh nonce, reinitialize array */
-    memcpy (nn->nonce,
-            nonce,
-            noncelen);
-    nn->nc = 0;
-    nn->nmask = 0;
-    ret = MHD_YES;
-  }
+
   /* Note that we use 64 here, as we do not store the
      bit for 'nn->nc' itself in 'nn->nmask' */
-  else if ( (nc < nn->nc) &&
-            (nc + 64 > nc /* checking for overflow */) &&
-            (nc + 64 >= nn->nc) &&
-            (0 == ((1LLU << (nn->nc - nc - 1)) & nn->nmask)) )
+  if ( (nc < nn->nc) &&
+       (nc + 64 > nc /* checking for overflow */) &&
+       (nc + 64 >= nn->nc) &&
+       (0 == ((1LLU << (nn->nc - nc - 1)) & nn->nmask)) )
   {
     /* Out-of-order nonce, but within 64-bit bitmask, set bit */
     nn->nmask |= (1LLU << (nn->nc - nc - 1));
@@ -872,6 +901,7 @@ digest_auth_check_all (struct MHD_Connection *connection,
   size_t len;
   const char *header;
   char nonce[MAX_NONCE_LENGTH];
+  size_t nonce_len;
   char cnonce[MAX_NONCE_LENGTH];
   const unsigned int digest_size = da->digest_size;
   char ha1[VLA_ARRAY_LEN_DIGEST (digest_size) * 2 + 1];
@@ -935,6 +965,7 @@ digest_auth_check_all (struct MHD_Connection *connection,
                                     header,
                                     "nonce")))
     return MHD_NO;
+  nonce_len = len;
   left -= strlen ("nonce") + len;
   if (left > 32 * 1024)
   {
@@ -1041,12 +1072,13 @@ digest_auth_check_all (struct MHD_Connection 
*connection,
 
   /*
    * Checking if that combination of nonce and nc is sound
-   * and not a replay attack attempt. Also adds the nonce
-   * to the nonce-nc map if it does not exist there.
+   * and not a replay attack attempt. Refuse if nonce was not
+   * generated previously.
    */
   if (MHD_NO ==
       check_nonce_nc (connection,
                       nonce,
+                      nonce_len,
                       nci))
   {
     return MHD_NO;
@@ -1391,10 +1423,9 @@ MHD_queue_auth_fail_response2 (struct MHD_Connection 
*connection,
                      realm,
                      &da,
                      nonce);
-    if (MHD_NO ==
-        check_nonce_nc (connection,
-                        nonce,
-                        0))
+    if (! add_nonce (connection,
+                     nonce,
+                     NONCE_STD_LEN (da.digest_size)))
     {
 #ifdef HAVE_MESSAGES
       MHD_DLOG (connection->daemon,

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.