[libmicrohttpd] 01/04: digestauth: added check for valid nonce format in
From: gnunet
Subject: [libmicrohttpd] 01/04: digestauth: added check for valid nonce format in the nonce-nc map
Date: Fri, 06 May 2022 21:22:11 +0200
This is an automated email from the git hooks/post-receive script.
karlson2k pushed a commit to branch master
in repository libmicrohttpd.
commit 4b3895dd4aa47e550839c11889381e8442e20a4e
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
AuthorDate: Fri May 6 15:05:43 2022 +0300
digestauth: added check for valid nonce format in the nonce-nc map
This is required to prevent strlen() runaway.
---
src/microhttpd/digestauth.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index 11512db0..8d907e13 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -859,6 +859,11 @@ is_slot_available (const struct MHD_NonceNc *const nn,
return true; /* Client already used the nonce in this slot at least
one time, re-use the slot */
+ /* The nonce must be zero-terminated */
+ mhd_assert (0 == nn->nonce[sizeof(nn->nonce) - 1]);
+ if (0 != nn->nonce[sizeof(nn->nonce) - 1])
+ return true; /* Wrong nonce format in the slot */
+
timestamp_valid = get_nonce_timestamp (nn->nonce, 0, ×tamp);
mhd_assert (timestamp_valid);
if (! timestamp_valid)
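Review bot: The comment on the new `return true; /* Wrong nonce format in the slot */` overstates what the test does and leaves the choice of return value unexplained. The condition `0 != nn->nonce[sizeof(nn->nonce) - 1]` only establishes that the final byte of the array is zero, which bounds any string scan of `nn->nonce` to the array; it does not validate the nonce contents, which is left to the `timestamp_valid` check that follows. Consider rewording the comment to say that an unterminated slot is treated as available so that it gets overwritten, since returning true here is what makes the bad entry disappear. It is also worth a line noting that in assert-enabled builds the preceding `mhd_assert` fires first, so the runtime branch is a fallback for builds where asserts are compiled out, the same pattern the `timestamp_valid` lines below use.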
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.