[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[libmicrohttpd] 08/14: digestauth: removed usage of variable-length arra
From: |
gnunet |
Subject: |
[libmicrohttpd] 08/14: digestauth: removed usage of variable-length arrays |
Date: |
Thu, 21 Jul 2022 14:08:06 +0200 |
This is an automated email from the git hooks/post-receive script.
karlson2k pushed a commit to branch master
in repository libmicrohttpd.
commit e1e5a395681d56289d2de5616b112a8e01ed9052
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
AuthorDate: Wed Jul 20 13:54:51 2022 +0300
digestauth: removed usage of variable-length arrays
This should improve efficiency, size and security:
* Code works just fine with fixed size arrays.
* The resulting binary size is smaller when fixed size arrays are used.
* GCC stack protector cannot be used with functions with variable-length
arrays.
---
src/microhttpd/digestauth.c | 23 +++++++++++------------
1 file changed, 11 insertions(+), 12 deletions(-)
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index 8705b922..fac12ec0 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -1239,7 +1239,7 @@ MHD_digest_auth_get_username (struct MHD_Connection
*connection)
* @param realm_len the length of the @a realm.
* @param da digest algorithm to use
* @param[out] nonce A pointer to a character array for the nonce to put in,
- * must provide NONCE_STD_LEN(da->digest_size)+1 bytes
+ * must provide NONCE_STD_LEN(digest_get_size(da))+1 bytes
*/
static void
calculate_nonce (uint64_t nonce_time,
@@ -1301,7 +1301,7 @@ calculate_nonce (uint64_t nonce_time,
if (1)
{
const unsigned int digest_size = digest_get_size (da);
- uint8_t hash[VLA_ARRAY_LEN_DIGEST (digest_size)];
+ uint8_t hash[MAX_DIGEST];
digest_calc_hash (da, hash);
MHD_bin_to_hex (hash,
digest_size,
@@ -1381,7 +1381,7 @@ is_slot_available (const struct MHD_NonceNc *const nn,
* @param realm_len the length of the @a realm
* @param da the digest algorithm to use
* @param[out] nonce the pointer to a character array for the nonce to put in,
- * must provide NONCE_STD_LEN(da->digest_size)+1 bytes
+ * must provide NONCE_STD_LEN(digest_get_size(da))+1 bytes
* @return true if the new nonce has been added to the nonce-nc map array,
* false otherwise.
*/
@@ -1450,7 +1450,7 @@ calculate_add_nonce (struct MHD_Connection *const
connection,
* @param realm A string of characters that describes the realm of auth.
* @param da digest algorithm to use
* @param[out] nonce A pointer to a character array for the nonce to put in,
- * must provide NONCE_STD_LEN(da->digest_size)+1 bytes
+ * must provide NONCE_STD_LEN(digest_get_size(da))+1 bytes
*/
static bool
calculate_add_nonce_with_retry (struct MHD_Connection *const connection,
@@ -1472,7 +1472,7 @@ calculate_add_nonce_with_retry (struct MHD_Connection
*const connection,
* used by the client and this nonce is still fresh enough.
*/
const size_t digest_size = digest_get_size (da);
- char nonce2[NONCE_STD_LEN (VLA_ARRAY_LEN_DIGEST (digest_size)) + 1];
+ char nonce2[NONCE_STD_LEN (MAX_DIGEST) + 1];
uint64_t timestamp2;
if (0 == MHD_get_master (connection->daemon)->nonce_nc_size)
return false; /* No need to re-try */
@@ -1888,7 +1888,7 @@ is_param_equal_caseless (const struct MHD_RqDAuthParam
*param,
* @param password The password used in the authentication
* @param digest An optional binary hash
* of the precalculated hash value "username:realm:password"
- * (must contain "da->digest_size" bytes or be NULL)
+ * (must contain "digest_get_size(da)" bytes or be NULL)
* @param nonce_timeout The amount of time for a nonce to be
* invalid in seconds
* @param[out] pbuf the pointer to pointer to internally malloc'ed buffer,
@@ -1909,8 +1909,8 @@ digest_auth_check_all_inner (struct MHD_Connection
*connection,
{
struct MHD_Daemon *daemon = MHD_get_master (connection->daemon);
const unsigned int digest_size = digest_get_size (da);
- uint8_t hash1_bin[VLA_ARRAY_LEN_DIGEST (digest_size)];
- uint8_t hash2_bin[VLA_ARRAY_LEN_DIGEST (digest_size)];
+ uint8_t hash1_bin[MAX_DIGEST];
+ uint8_t hash2_bin[MAX_DIGEST];
#if 0
const char *hentity = NULL; /* "auth-int" is not supported */
#endif
@@ -2239,7 +2239,7 @@ digest_auth_check_all_inner (struct MHD_Connection
*connection,
* @param password The password used in the authentication
* @param digest An optional binary hash
* of the precalculated hash value "username:realm:password"
- * (must contain "da->digest_size" bytes or be NULL)
+ * (must contain "digest_get_size(da)" bytes or be NULL)
* @param nonce_timeout The amount of time for a nonce to be
* invalid in seconds
* @return #MHD_DAUTH_OK if authenticated,
@@ -2583,10 +2583,9 @@ MHD_queue_auth_fail_response2 (struct MHD_Connection
*connection,
if (1)
{
- char nonce[NONCE_STD_LEN (VLA_ARRAY_LEN_DIGEST (digest_get_size (&da)))
- + 1];
+ char nonce[NONCE_STD_LEN (MAX_DIGEST) + 1];
- VLA_CHECK_LEN_DIGEST (digest_get_size (&da));
+ /* VLA_CHECK_LEN_DIGEST (digest_get_size (&da)); */
if (! calculate_add_nonce_with_retry (connection, realm, &da, nonce))
{
#ifdef HAVE_MESSAGES
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
- [libmicrohttpd] branch master updated (bd88a19e -> 22796735), gnunet, 2022/07/21
- [libmicrohttpd] 01/14: test_basicauth: Fixed doxy, gnunet, 2022/07/21
- [libmicrohttpd] 02/14: test_digest: improved test URI, gnunet, 2022/07/21
- [libmicrohttpd] 04/14: digestauth: simplified internal function call, gnunet, 2022/07/21
- [libmicrohttpd] 03/14: digestauth: added small helper function to simplify the code, gnunet, 2022/07/21
- [libmicrohttpd] 06/14: digest_auth_check(): removed one more large local variable, gnunet, 2022/07/21
- [libmicrohttpd] 07/14: digest calculations: further simplified code, removed some local variables, gnunet, 2022/07/21
- [libmicrohttpd] 08/14: digestauth: removed usage of variable-length arrays,
gnunet <=
- [libmicrohttpd] 11/14: digestauth: fixed username extraction with the new API, gnunet, 2022/07/21
- [libmicrohttpd] 10/14: digest_auth_check(): updated the order of parameters check, gnunet, 2022/07/21
- [libmicrohttpd] 12/14: digestauth: do not allocate extra space for extended notation, gnunet, 2022/07/21
- [libmicrohttpd] 05/14: digestauth: added sanity check for digest macros, gnunet, 2022/07/21
- [libmicrohttpd] 09/14: digest_auth_check(): added support for username in extended notation, gnunet, 2022/07/21
- [libmicrohttpd] 13/14: digestauth: added support for extended notation for old API, gnunet, 2022/07/21
- [libmicrohttpd] 14/14: Added test for Digest Auth with username in extended notation, gnunet, 2022/07/21