Re: [libmicrohttpd] SEGFAULT in digest_calc_ha1_from

libmicrohttpd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [libmicrohttpd] SEGFAULT in digest_calc_ha1_from_user()

From:	Christian Grothoff
Subject:	Re: [libmicrohttpd] SEGFAULT in digest_calc_ha1_from_user()
Date:	Mon, 15 Apr 2019 00:33:50 +0200
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1

Hi Tim,

Technically this cannot happen, the 'digest != NULL' check before
correlates with password == NULL and vice versa. But, I'm happy to add
an additional assertion to make static analysis happier...

I've applied your realloc() patch as well.

Happy hacking!

Christian

On 4/14/19 9:08 PM, Tim Rühsen wrote:
> Hi,
> 
> in digestauth.c, L296 you'll find an unconditional strlen(password).
> 
> The function is called via digest_auth_check_all() from
> MHD_digest_auth_check_digest2() with a NULL 'password'.
> 
> I am not sure what your favorite place is for a fix, so I'll just report
> and leave it to you.
> 
> Regards, Tim
>

signature.asc
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

[libmicrohttpd] SEGFAULT in digest_calc_ha1_from_user(), Tim Rühsen, 2019/04/14
- Re: [libmicrohttpd] SEGFAULT in digest_calc_ha1_from_user(), Christian Grothoff <=

Prev by Date: [libmicrohttpd] SEGFAULT in digest_calc_ha1_from_user()
Next by Date: Re: [libmicrohttpd] Post-Handshake Authentication Support
Previous by thread: [libmicrohttpd] SEGFAULT in digest_calc_ha1_from_user()
Next by thread: Re: [libmicrohttpd] clang formatting discussion via [gnunet-developers]
Index(es):
- Date
- Thread