[libmicrohttpd] 02/02: Fixed wrong usage of maximum client nonce size as
From: |
gnunet |
Subject: |
[libmicrohttpd] 02/02: Fixed wrong usage of maximum client nonce size as maximum size of server nonce |
Date: |
Tue, 07 Jun 2022 19:23:31 +0200 |
This is an automated email from the git hooks/post-receive script.
karlson2k pushed a commit to branch master
in repository libmicrohttpd.
commit abe138ee3aaadea496fbdddd23d79fbe40113171
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
AuthorDate: Tue Jun 7 20:23:18 2022 +0300
Fixed wrong usage of maximum client nonce size as maximum size of server
nonce
This also saves some RAM for nonce-nc map array
---
src/microhttpd/digestauth.c | 8 ++++----
src/microhttpd/internal.h | 12 ++++++++++--
2 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index c3717d47..890fc129 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -751,7 +751,7 @@ check_nonce_nc (struct MHD_Connection *connection,
mhd_assert (0 != noncelen);
mhd_assert (strlen (nonce) == noncelen);
mhd_assert (0 != nc);
- if (MAX_NONCE_LENGTH < noncelen)
+ if (MAX_DIGEST_NONCE_LENGTH < noncelen)
return MHD_CHECK_NONCENC_WRONG; /* This should be impossible, but static
analysis
tools have a hard time with it *and* this also
protects against unsafe modifications that may
@@ -1010,7 +1010,7 @@ is_slot_available (const struct MHD_NonceNc *const nn,
uint64_t timestamp;
bool timestamp_valid;
mhd_assert (new_nonce_len <= NONCE_STD_LEN (MAX_DIGEST));
- mhd_assert (NONCE_STD_LEN (MAX_DIGEST) < MAX_NONCE_LENGTH);
+ mhd_assert (NONCE_STD_LEN (MAX_DIGEST) <= MAX_DIGEST_NONCE_LENGTH);
if (0 == nn->nonce[0])
return true; /* The slot is empty */
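Review bot: The check `mhd_assert (NONCE_STD_LEN (MAX_DIGEST) <= MAX_DIGEST_NONCE_LENGTH)` in is_slot_available compares what appear to be two compile-time constants, yet it only runs where `mhd_assert` is active, which is presumably debug builds only. Because `MAX_DIGEST_NONCE_LENGTH` now sizes `nonce[]` in `struct MHD_NonceNc` exactly, and its only tie to the digest size is the "keep it in sync with digestauth.c" comment in internal.h, a digest size raised later could overrun the slot in release builds without any diagnostic. I would enforce the relation at build time next to the NONCE_STD_LEN definition, for example `_Static_assert (NONCE_STD_LEN (MAX_DIGEST) <= MAX_DIGEST_NONCE_LENGTH, "nonce slot too small");` where C11 is available. The same concern applies to `mhd_assert (MAX_DIGEST_NONCE_LENGTH >= nonce_size)` in the calculate_add_nonce hunk, where nonce_size comes from the digest size at run time. Both functions continue outside their hunks, so a non-assert guard may exist that is not visible here.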
@@ -1071,7 +1071,7 @@ calculate_add_nonce (struct MHD_Connection *const
connection,
const size_t nonce_size = NONCE_STD_LEN (digest_get_size (da));
bool ret;
- mhd_assert (MAX_NONCE_LENGTH >= nonce_size);
+ mhd_assert (MAX_DIGEST_NONCE_LENGTH >= nonce_size);
mhd_assert (0 != nonce_size);
calculate_nonce (timestamp,
@@ -1427,7 +1427,7 @@ digest_auth_check_all (struct MHD_Connection *connection,
unsigned int nonce_timeout)
{
struct MHD_Daemon *daemon = MHD_get_master (connection->daemon);
- char cnonce[MAX_NONCE_LENGTH];
+ char cnonce[MAX_CLIENT_NONCE_LENGTH];
const unsigned int digest_size = digest_get_size (da);
char ha1[VLA_ARRAY_LEN_DIGEST (digest_size) * 2 + 1];
char qop[15]; /* auth,auth-int */
diff --git a/src/microhttpd/internal.h b/src/microhttpd/internal.h
index 4f03b8fc..92fa932b 100644
--- a/src/microhttpd/internal.h
+++ b/src/microhttpd/internal.h
@@ -240,8 +240,16 @@ enum MHD_ConnectionEventLoopInfo
* (already) takes more (see Mantis #1633), so we've increased the
* value to support something longer...
*/
-#define MAX_NONCE_LENGTH 129
+#define MAX_CLIENT_NONCE_LENGTH 129
+/**
+ * The maximum size of MHD-generated nonce when printed with hexadecimal chars.
+ *
+ * This is equal to "(32 bytes for SHA-256 nonce plus 6 bytes for timestamp)
+ * multiplied by two hex chars per byte".
+ * Please keep it in sync with digestauth.c
+ */
+#define MAX_DIGEST_NONCE_LENGTH ((32 + 6) * 2)
/**
* A structure representing the internal holder of the
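Review bot: The two constants defined here follow different conventions for the terminating zero, and the new doc comment does not say which one applies. The digestauth.c hunk declares `char cnonce[MAX_CLIENT_NONCE_LENGTH];`, while the struct hunk below declares `char nonce[MAX_DIGEST_NONCE_LENGTH + 1];`. If cnonce is held as a C string, 129 is a buffer size that includes the terminator, whereas `(32 + 6) * 2` is a pure string length. I would state this in each comment, e.g. `* This value includes space for the terminating zero.` on the client constant and `* This value does not include the terminating zero.` on the new one. The comment above `MAX_CLIENT_NONCE_LENGTH` starts outside the hunk and may already cover part of this.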
@@ -269,7 +277,7 @@ struct MHD_NonceNc
/**
* Nonce value:
*/
- char nonce[MAX_NONCE_LENGTH + 1];
+ char nonce[MAX_DIGEST_NONCE_LENGTH + 1];
};
--