libmicrohttpd
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[libmicrohttpd] SEGFAULT in digest_calc_ha1_from_user()


From: Tim Rühsen
Subject: [libmicrohttpd] SEGFAULT in digest_calc_ha1_from_user()
Date: Sun, 14 Apr 2019 21:08:22 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1

Hi,

in digestauth.c, L296 you'll find an unconditional strlen(password).

The function is called via digest_auth_check_all() from
MHD_digest_auth_check_digest2() with a NULL 'password'.

I am not sure what your favorite place is for a fix, so I'll just report
and leave it to you.

Regards, Tim

Attachment: signature.asc
Description: OpenPGP digital signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]