
[libmicrohttpd] 03/03: digestauth: do not add nonce from client, if it w


From: gnunet
Subject: [libmicrohttpd] 03/03: digestauth: do not add nonce from client, if it was not generated by MHD
Date: Sat, 30 Apr 2022 19:30:26 +0200

This is an automated email from the git hooks/post-receive script.

karlson2k pushed a commit to branch master
in repository libmicrohttpd.

commit 06336118eb5dd3b54b4d8ae424b9f767d9f1f9c7
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
AuthorDate: Sat Apr 30 20:29:57 2022 +0300

    digestauth: do not add nonce from client, if it was not generated by MHD
---
 src/microhttpd/digestauth.c | 24 ++++++++----------------
 1 file changed, 8 insertions(+), 16 deletions(-)

diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index 84fceeae..943f1eb5 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -592,6 +592,7 @@ check_nonce_nc (struct MHD_Connection *connection,
 
   stale = false;
   mhd_assert (noncelen != strlen (nonce));
+  mhd_assert (0 != nc);
   if (MAX_NONCE_LENGTH < noncelen)
     return MHD_NO; /* This should be impossible, but static analysis
                       tools have a hard time with it *and* this also
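Review bot: The added `mhd_assert (0 != nc);` is the only visible guard that keeps a zero `nc` out of check_nonce_nc, and `nc` is presumably derived from the client's Authorization header. If `mhd_assert` expands to nothing in non-debug builds (not visible here), a zero count no longer reaches the removed fresh-nonce branch and is instead evaluated by the 64-entry window test changed in the next hunk. Unless the caller already refuses `nc == 0` (not shown in this patch), add a runtime check beside the length check, `if (0 == nc) return MHD_NO;`, and keep the assert as a statement of the contract. The function body starts and ends outside the hunk.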
@@ -610,22 +611,13 @@ check_nonce_nc (struct MHD_Connection *connection,
   nn = &daemon->nnc[off];
 
   MHD_mutex_lock_chk_ (&daemon->nnc_lock);
-  if (0 == nc)
-  {
-    /* Fresh nonce, reinitialize array */
-    memcpy (nn->nonce,
-            nonce,
-            noncelen + 1);
-    nn->nc = 0;
-    nn->nmask = 0;
-    ret = MHD_YES;
-  }
+
   /* Note that we use 64 here, as we do not store the
      bit for 'nn->nc' itself in 'nn->nmask' */
-  else if ( (nc < nn->nc) &&
-            (nc + 64 > nc /* checking for overflow */) &&
-            (nc + 64 >= nn->nc) &&
-            (0 == ((1LLU << (nn->nc - nc - 1)) & nn->nmask)) )
+  if ( (nc < nn->nc) &&
+       (nc + 64 > nc /* checking for overflow */) &&
+       (nc + 64 >= nn->nc) &&
+       (0 == ((1LLU << (nn->nc - nc - 1)) & nn->nmask)) )
   {
     /* Out-of-order nonce, but within 64-bit bitmask, set bit */
     nn->nmask |= (1LLU << (nn->nc - nc - 1));
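Review bot: The window branch `if ( (nc < nn->nc) && …` sets a bit in `nn->nmask`, yet none of its visible operands compares `nn->nonce` with the supplied `nonce`. Because `nn` is a slot selected by `off`, a different nonce that maps to the same slot could mark counts as used for the stored nonce if the nonce comparison only happens in a later `else if` outside this hunk. With the fresh-nonce branch gone, this test is now the first one in the chain, so consider making the match its first operand, `(0 == strcmp (nn->nonce, nonce)) &&`, assuming both strings are NUL-terminated as the removed `memcpy (…, noncelen + 1)` implied. The if/else chain continues past the end of the hunk.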
@@ -1080,8 +1072,8 @@ digest_auth_check_all (struct MHD_Connection *connection,
 
   /*
    * Checking if that combination of nonce and nc is sound
-   * and not a replay attack attempt. Also adds the nonce
-   * to the nonce-nc map if it does not exist there.
+   * and not a replay attack attempt. Refuse if nonce was not
+   * generated previously.
    */
   if (MHD_NO ==
       check_nonce_nc (connection,

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


