[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[libmicrohttpd] 06/19: digest_auth_check(): added check for too large re
From: |
gnunet |
Subject: |
[libmicrohttpd] 06/19: digest_auth_check(): added check for too large realm value |
Date: |
Thu, 28 Jul 2022 06:26:10 +0200 |
This is an automated email from the git hooks/post-receive script.
karlson2k pushed a commit to branch master
in repository libmicrohttpd.
commit 961635da2a9d7363528940f4fa7a0148e96e90d8
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
AuthorDate: Thu Jul 21 18:59:06 2022 +0300
digest_auth_check(): added check for too large realm value
---
src/microhttpd/digestauth.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index a3399a65..793209f9 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -1973,6 +1973,9 @@ digest_auth_check_all_inner (struct MHD_Connection
*connection,
if (NULL == params->realm.value.str)
return MHD_DAUTH_WRONG_HEADER;
+ else if (((NULL == digest) || params->userhash) &&
+ (_MHD_AUTH_DIGEST_MAX_PARAM_SIZE < params->realm.value.len))
+ return MHD_DAUTH_TOO_LARGE; /* Realm is too large and it will be used in
hash calculations */
if (NULL == params->nc.value.str)
return MHD_DAUTH_WRONG_HEADER;
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
- [libmicrohttpd] branch master updated (22796735 -> 2949c070), gnunet, 2022/07/28
- [libmicrohttpd] 03/19: gen_auth: cosmetics, gnunet, 2022/07/28
- [libmicrohttpd] 04/19: digest_auth_check(): reduced scope of one-time variable, gnunet, 2022/07/28
- [libmicrohttpd] 06/19: digest_auth_check(): added check for too large realm value,
gnunet <=
- [libmicrohttpd] 02/19: gen_auth: fixed detection of userhash in Digest Auth requests, gnunet, 2022/07/28
- [libmicrohttpd] 07/19: Updated doxy for old Digest Auth API function, gnunet, 2022/07/28
- [libmicrohttpd] 10/19: test_digestauth_emu_ext: cosmetics, additional check, gnunet, 2022/07/28
- [libmicrohttpd] 11/19: tests_digestauth*: added workarounds for libcurl bug, gnunet, 2022/07/28
- [libmicrohttpd] 01/19: digestauth: fixed copy-paste error in request algo parsing, gnunet, 2022/07/28
- [libmicrohttpd] 08/19: digestauth: term correction in comment, gnunet, 2022/07/28
- [libmicrohttpd] 05/19: digest_auth_check(): added support for userhash, gnunet, 2022/07/28
- [libmicrohttpd] 09/19: test_digestauth{,_sha256,_with_aguments}: moved back to Digest Auth APIv2, gnunet, 2022/07/28
- [libmicrohttpd] 14/19: MHD_add_response_entry(): refactoring + added internal function, gnunet, 2022/07/28
- [libmicrohttpd] 12/19: test_digestauth_concurrent: fixed compiler warnings, gnunet, 2022/07/28