[libmicrohttpd] 04/09: check_nonce_nc(): simplified
From: |
gnunet |
Subject: |
[libmicrohttpd] 04/09: check_nonce_nc(): simplified |
Date: |
Sun, 01 May 2022 16:08:50 +0200 |
This is an automated email from the git hooks/post-receive script.
karlson2k pushed a commit to branch master
in repository libmicrohttpd.
commit 628a28d6072acdfccf6237eca6743ac0caf7e921
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
AuthorDate: Sun May 1 15:34:25 2022 +0300
check_nonce_nc(): simplified
If 'nc' is not valid, then 'nonce' is always stale as 'nonce' validity
has been checked already.
---
src/microhttpd/digestauth.c | 39 +++++++++++++--------------------------
1 file changed, 13 insertions(+), 26 deletions(-)
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index ff13cf09..81e50785 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -578,7 +578,7 @@ add_nonce (struct MHD_Connection *connection,
* @param nc The nonce counter, zero to add the nonce to the array
* @return #MHD_YES if successful, #MHD_NO if invalid (or we have no NC array)
*/
-static enum MHD_Result
+static bool
check_nonce_nc (struct MHD_Connection *connection,
const char *nonce,
size_t noncelen,
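Review bot: The doc comment directly above the signature still reads `@return #MHD_YES if successful, #MHD_NO if invalid (or we have no NC array)`, while the function now returns `bool`. It should be updated along the lines of `@return true if 'nc' is accepted for this nonce, false if it is rejected (or we have no NC array)`, so that callers are not led to compare the result against `MHD_NO`. Both the comment block and the function body extend beyond this hunk.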
@@ -588,20 +588,18 @@ check_nonce_nc (struct MHD_Connection *connection,
struct MHD_NonceNc *nn;
uint32_t off;
uint32_t mod;
- enum MHD_Result ret;
- bool stale;
+ bool ret;
- stale = false;
mhd_assert (noncelen != strlen (nonce));
mhd_assert (0 != nc);
if (MAX_NONCE_LENGTH < noncelen)
- return MHD_NO; /* This should be impossible, but static analysis
+ return false; /* This should be impossible, but static analysis
tools have a hard time with it *and* this also
protects against unsafe modifications that may
happen in the future... */
mod = daemon->nonce_nc_size;
if (0 == mod)
- return MHD_NO; /* no array! */
+ return false; /* no array! */
/* HT lookup in nonce array */
off = fast_simple_hash ((const uint8_t *) nonce, noncelen) % mod;
/*
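Review bot: The context line `mhd_assert (noncelen != strlen (nonce));` looks inverted and is left untouched by this cleanup. Later in the same function the code does `memcmp (nn->nonce, nonce, noncelen)` and tests `nn->nonce[noncelen]` for the terminator, which treats `noncelen` as the exact string length. Unless `nonce` is deliberately not NUL-terminated at `noncelen`, the assertion should presumably be `mhd_assert (noncelen == strlen (nonce));`. As written, a debug build either aborts on valid input or stops checking the invariant that the length comparison relies on. The function body starts and ends outside this hunk, so this should be confirmed against the caller.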
@@ -615,11 +613,7 @@ check_nonce_nc (struct MHD_Connection *connection,
if ( (0 != memcmp (nn->nonce, nonce, noncelen)) ||
(0 != nn->nonce[noncelen]) )
- {
- /* Nonce does not match, fail */
- stale = true;
- ret = MHD_NO;
- }
+ ret = false; /* Nonce does not match, fail */
/* Note that we use 64 here, as we do not store the
bit for 'nn->nc' itself in 'nn->nmask' */
else if ( (nc < nn->nc) &&
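Review bot: Style point on the first branch: `ret = false; /* Nonce does not match, fail */` is now an unbraced body under a two-line condition, while the sibling branches of the same if/else-if chain keep their braces. Keeping `{ ... }` on every arm makes the chain uniform and avoids a later edit adding a second statement that silently falls outside the branch. This matters in a function that decides whether an authentication attempt is accepted. The same applies to the `else if (nc <= nn->nc)` arm in the next hunk. The chain continues beyond the end of this hunk.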
@@ -629,14 +623,10 @@ check_nonce_nc (struct MHD_Connection *connection,
{
/* Out-of-order nonce, but within 64-bit bitmask, set bit */
nn->nmask |= (1LLU << (nn->nc - nc - 1));
- ret = MHD_YES;
+ ret = true;
}
else if (nc <= nn->nc)
- {
- /* Nonce does not match, fail */
- stale = true;
- ret = MHD_NO;
- }
+ ret = false; /* Nonce does not match, fail */
else
{
/* Nonce is larger, shift bitmask and bump limit */
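Review bot: The comment on the `else if (nc <= nn->nc)` arm, `/* Nonce does not match, fail */`, is carried over from the removed block and is misleading. This arm is only reached after the first arm of the chain has established that the nonce does match, so what is rejected here is the counter value, an `nc` that is not newer than the stored one and was not accepted by the bitmask arm. Something like `ret = false; /* 'nc' was already used or is too old to be tracked, fail */` says what the branch actually protects against, which is request replay. The condition of the preceding arm lies partly outside this hunk, so the exact wording should be checked against it.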
@@ -645,16 +635,14 @@ check_nonce_nc (struct MHD_Connection *connection,
else
nn->nmask = 0; /* big jump, unset all bits in the mask */
nn->nc = nc;
- ret = MHD_YES;
+ ret = true;
}
MHD_mutex_unlock_chk_ (&daemon->nnc_lock);
#ifdef HAVE_MESSAGES
- if (stale)
+ if (! ret)
MHD_DLOG (daemon,
_ ("Stale nonce received. If this happens a lot, you should "
"probably increase the size of the nonce array.\n"));
-#else
- (void) stale; /* Mute compiler warning */
#endif
return ret;
}
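Review bot: With `if (! ret)` the "Stale nonce received ... increase the size of the nonce array" message is logged for every rejection after the lock, including the `nc <= nn->nc` arm where the nonce matched and only the counter was refused. For that case the sizing hint is wrong, and an operator reading the log cannot tell a slot overwritten by another nonce from a reused `nc`, which is the event worth noticing when looking for replay attempts. Consider keeping the sizing hint for the nonce-mismatch arm only and logging a separate message for a rejected `nc`. The two early `return false;` paths earlier in the function bypass this logging entirely.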
@@ -1081,11 +1069,10 @@ digest_auth_check_all (struct MHD_Connection
*connection,
* and not a replay attack attempt. Refuse if nonce was not
* generated previously.
*/
- if (MHD_NO ==
- check_nonce_nc (connection,
- nonce,
- nonce_len,
- nci))
+ if (! check_nonce_nc (connection,
+ nonce,
+ nonce_len,
+ nci))
{
return MHD_NO;
}
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.