[libmicrohttpd] 06/19: digest_auth_check(): added check for too large re

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[libmicrohttpd] 06/19: digest_auth_check(): added check for too large re

From:	gnunet
Subject:	[libmicrohttpd] 06/19: digest_auth_check(): added check for too large realm value
Date:	Thu, 28 Jul 2022 06:26:10 +0200

This is an automated email from the git hooks/post-receive script.

karlson2k pushed a commit to branch master
in repository libmicrohttpd.

commit 961635da2a9d7363528940f4fa7a0148e96e90d8
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
AuthorDate: Thu Jul 21 18:59:06 2022 +0300

    digest_auth_check(): added check for too large realm value
---
 src/microhttpd/digestauth.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index a3399a65..793209f9 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -1973,6 +1973,9 @@ digest_auth_check_all_inner (struct MHD_Connection 
*connection,
 
   if (NULL == params->realm.value.str)
     return MHD_DAUTH_WRONG_HEADER;
+  else if (((NULL == digest) || params->userhash) &&
+           (_MHD_AUTH_DIGEST_MAX_PARAM_SIZE < params->realm.value.len))
+    return MHD_DAUTH_TOO_LARGE; /* Realm is too large and it will be used in 
hash calculations */
 
   if (NULL == params->nc.value.str)
     return MHD_DAUTH_WRONG_HEADER;

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.

[Prev in Thread]

Current Thread

[Next in Thread]

[libmicrohttpd] branch master updated (22796735 -> 2949c070), gnunet, 2022/07/28
- [libmicrohttpd] 03/19: gen_auth: cosmetics, gnunet, 2022/07/28
- [libmicrohttpd] 04/19: digest_auth_check(): reduced scope of one-time variable, gnunet, 2022/07/28
- [libmicrohttpd] 06/19: digest_auth_check(): added check for too large realm value, gnunet <=
- [libmicrohttpd] 02/19: gen_auth: fixed detection of userhash in Digest Auth requests, gnunet, 2022/07/28
- [libmicrohttpd] 07/19: Updated doxy for old Digest Auth API function, gnunet, 2022/07/28
- [libmicrohttpd] 10/19: test_digestauth_emu_ext: cosmetics, additional check, gnunet, 2022/07/28
- [libmicrohttpd] 11/19: tests_digestauth*: added workarounds for libcurl bug, gnunet, 2022/07/28
- [libmicrohttpd] 01/19: digestauth: fixed copy-paste error in request algo parsing, gnunet, 2022/07/28
- [libmicrohttpd] 08/19: digestauth: term correction in comment, gnunet, 2022/07/28
- [libmicrohttpd] 05/19: digest_auth_check(): added support for userhash, gnunet, 2022/07/28
- [libmicrohttpd] 09/19: test_digestauth{,_sha256,_with_aguments}: moved back to Digest Auth APIv2, gnunet, 2022/07/28
- [libmicrohttpd] 14/19: MHD_add_response_entry(): refactoring + added internal function, gnunet, 2022/07/28
- [libmicrohttpd] 12/19: test_digestauth_concurrent: fixed compiler warnings, gnunet, 2022/07/28

Prev by Date: [libmicrohttpd] 04/19: digest_auth_check(): reduced scope of one-time variable
Next by Date: [libmicrohttpd] 02/19: gen_auth: fixed detection of userhash in Digest Auth requests
Previous by thread: [libmicrohttpd] 04/19: digest_auth_check(): reduced scope of one-time variable
Next by thread: [libmicrohttpd] 02/19: gen_auth: fixed detection of userhash in Digest Auth requests
Index(es):
- Date
- Thread