[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] r34761 - libmicrohttpd/src/microhttpd
From: |
gnunet |
Subject: |
[GNUnet-SVN] r34761 - libmicrohttpd/src/microhttpd |
Date: |
Mon, 22 Dec 2014 20:42:31 +0100 |
Author: Karlson2k
Date: 2014-12-22 20:42:31 +0100 (Mon, 22 Dec 2014)
New Revision: 34761
Modified:
libmicrohttpd/src/microhttpd/basicauth.c
libmicrohttpd/src/microhttpd/digestauth.c
Log:
Replace char variable size arrays with malloc'ed buffers
Modified: libmicrohttpd/src/microhttpd/basicauth.c
===================================================================
--- libmicrohttpd/src/microhttpd/basicauth.c 2014-12-22 19:42:24 UTC (rev
34760)
+++ libmicrohttpd/src/microhttpd/basicauth.c 2014-12-22 19:42:31 UTC (rev
34761)
@@ -119,15 +119,25 @@
{
int ret;
size_t hlen = strlen(realm) + strlen("Basic realm=\"\"") + 1;
- char header[hlen];
-
+ char *header;
+
+ header = (char*)malloc(hlen);
+ if (NULL == header)
+ {
+#if HAVE_MESSAGES
+ MHD_DLOG(connection->daemon,
+ "Failed to allocate memory for auth header\n");
+#endif /* HAVE_MESSAGES */
+ return MHD_NO;
+ }
MHD_snprintf_ (header,
- sizeof (header),
+ hlen,
"Basic realm=\"%s\"",
realm);
ret = MHD_add_response_header (response,
MHD_HTTP_HEADER_WWW_AUTHENTICATE,
header);
+ free(header);
if (MHD_YES == ret)
ret = MHD_queue_response (connection,
MHD_HTTP_UNAUTHORIZED,
Modified: libmicrohttpd/src/microhttpd/digestauth.c
===================================================================
--- libmicrohttpd/src/microhttpd/digestauth.c 2014-12-22 19:42:24 UTC (rev
34760)
+++ libmicrohttpd/src/microhttpd/digestauth.c 2014-12-22 19:42:31 UTC (rev
34761)
@@ -480,15 +480,22 @@
const char *args)
{
struct MHD_HTTP_Header *pos;
- size_t slen = strlen (args) + 1;
- char argb[slen];
+ char *argb;
char *argp;
char *equals;
char *amper;
unsigned int num_headers;
+ argb = strdup(args);
+ if (NULL == argb)
+ {
+#if HAVE_MESSAGES
+ MHD_DLOG(connection->daemon,
+ "Failed to allocate memory for copy of URI arguments\n");
+#endif /* HAVE_MESSAGES */
+ return MHD_NO;
+ }
num_headers = 0;
- memcpy (argb, args, slen);
argp = argb;
while ( (NULL != argp) &&
('\0' != argp[0]) )
@@ -626,12 +633,24 @@
return MHD_NO;
}
{
- char uri[left];
-
+ char *uri;
+
+ uri = malloc(left + 1);
+ if (NULL == uri)
+ {
+#if HAVE_MESSAGES
+ MHD_DLOG(connection->daemon,
+ "Failed to allocate memory for auth header processing\n");
+#endif /* HAVE_MESSAGES */
+ return MHD_NO;
+ }
if (0 == lookup_sub_value (uri,
- sizeof (uri),
+ left + 1,
header, "uri"))
+ {
+ free(uri);
return MHD_NO;
+ }
/* 8 = 4 hexadecimal numbers for the timestamp */
nonce_time = strtoul (nonce + len - 8, (char **)NULL, 16);
@@ -643,7 +662,10 @@
*/
if ( (t > nonce_time + nonce_timeout) ||
(nonce_time + nonce_timeout < nonce_time) )
+ {
+ free(uri);
return MHD_INVALID_NONCE;
+ }
if (0 != strncmp (uri,
connection->url,
strlen (connection->url)))
@@ -652,6 +674,7 @@
MHD_DLOG (connection->daemon,
"Authentication failed, URI does not match.\n");
#endif
+ free(uri);
return MHD_NO;
}
{
@@ -669,7 +692,8 @@
MHD_DLOG (connection->daemon,
"Authentication failed, arguments do not match.\n");
#endif
- return MHD_NO;
+ free(uri);
+ return MHD_NO;
}
}
calculate_nonce (nonce_time,
@@ -690,7 +714,10 @@
*/
if (0 != strcmp (nonce, noncehashexp))
+ {
+ free(uri);
return MHD_INVALID_NONCE;
+ }
if ( (0 == lookup_sub_value (cnonce,
sizeof (cnonce),
header, "cnonce")) ||
@@ -704,6 +731,7 @@
MHD_DLOG (connection->daemon,
"Authentication failed, invalid format.\n");
#endif
+ free(uri);
return MHD_NO;
}
nci = strtoul (nc, &end, 16);
@@ -715,6 +743,7 @@
MHD_DLOG (connection->daemon,
"Authentication failed, invalid format.\n");
#endif
+ free(uri);
return MHD_NO; /* invalid nonce format */
}
/*
@@ -724,7 +753,10 @@
*/
if (MHD_YES != check_nonce_nc (connection, nonce, nci))
+ {
+ free(uri);
return MHD_NO;
+ }
digest_calc_ha1("md5",
username,
@@ -742,6 +774,7 @@
uri,
hentity,
respexp);
+ free(uri);
return (0 == strcmp(response, respexp))
? MHD_YES
: MHD_NO;
@@ -801,10 +834,20 @@
? ",stale=\"true\""
: "");
{
- char header[hlen + 1];
+ char *header;
+
+ header = malloc(hlen + 1);
+ if (NULL == header)
+ {
+#if HAVE_MESSAGES
+ MHD_DLOG(connection->daemon,
+ "Failed to allocate memory for auth response header\n");
+#endif /* HAVE_MESSAGES */
+ return MHD_NO;
+ }
MHD_snprintf_(header,
- sizeof(header),
+ hlen + 1,
"Digest realm=\"%s\",qop=\"auth\",nonce=\"%s\",opaque=\"%s\"%s",
realm,
nonce,
@@ -815,6 +858,7 @@
ret = MHD_add_response_header(response,
MHD_HTTP_HEADER_WWW_AUTHENTICATE,
header);
+ free(header);
}
if (MHD_YES == ret)
ret = MHD_queue_response(connection,
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [GNUnet-SVN] r34761 - libmicrohttpd/src/microhttpd,
gnunet <=