[libmicrohttpd] 02/02: digestauth: use GET parameters in digest calculat

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[libmicrohttpd] 02/02: digestauth: use GET parameters in digest calculat

From:	gnunet
Subject:	[libmicrohttpd] 02/02: digestauth: use GET parameters in digest calculation
Date:	Thu, 23 Jun 2022 21:14:40 +0200

This is an automated email from the git hooks/post-receive script.

karlson2k pushed a commit to branch master
in repository libmicrohttpd.

commit 8e4eba0e70690673643c0945bf6433f766a2bf65
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
AuthorDate: Thu Jun 23 12:39:57 2022 +0300

    digestauth: use GET parameters in digest calculation
---
 src/microhttpd/digestauth.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index 6094ac7d..1e25fa4a 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -930,12 +930,14 @@ calculate_nonce (uint64_t nonce_time,
                  size_t rnd_size,
                  const char *uri,
                  size_t uri_len,
+                 struct MHD_HTTP_Req_Header *first_header,
                  const char *realm,
                  size_t realm_len,
                  struct DigestAlgorithm *da,
                  char *nonce)
 {
   uint8_t timestamp[TIMESTAMP_BIN_SIZE];
+  struct MHD_HTTP_Req_Header *h;
 
   digest_init (da);
   /* If the nonce_time is milliseconds, then the same 48 bit value will repeat
@@ -971,6 +973,17 @@ calculate_nonce (uint64_t nonce_time,
   digest_update (da,
                  (const unsigned char *) uri,
                  uri_len);
+  for (h = first_header; NULL != h; h = h->next)
+  {
+    if (MHD_GET_ARGUMENT_KIND != h->kind)
+      continue;
+    digest_update (da, (const uint8_t *) "##", 3);
+    if (0 != h->header_size)
+      digest_update (da, (const uint8_t *) h->header, h->header_size);
+    digest_update (da, (const uint8_t *) "#", 2);
+    if (0 != h->value_size)
+      digest_update (da, (const uint8_t *) h->value, h->value_size);
+  }
   digest_update (da,
                  (const unsigned char *) ":",
                  1);
@@ -1081,6 +1094,7 @@ calculate_add_nonce (struct MHD_Connection *const 
connection,
                    daemon->digest_auth_rand_size,
                    connection->url,
                    connection->url_len,
+                   connection->headers_received,
                    realm,
                    realm_len,
                    da,
@@ -1593,6 +1607,7 @@ digest_auth_check_all_inner (struct MHD_Connection 
*connection,
                    daemon->digest_auth_rand_size,
                    connection->url,
                    connection->url_len,
+                   connection->headers_received,
                    realm,
                    realm_len,
                    da,

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.

[Prev in Thread]

Current Thread

[Next in Thread]

[libmicrohttpd] branch master updated (2de47d20 -> 8e4eba0e), gnunet, 2022/06/23
- [libmicrohttpd] 02/02: digestauth: use GET parameters in digest calculation, gnunet <=
- [libmicrohttpd] 01/02: digestauth: use pre-calculated URI length to avoid stop at first binary zero, gnunet, 2022/06/23

Prev by Date: [libmicrohttpd] branch master updated (2de47d20 -> 8e4eba0e)
Next by Date: [libmicrohttpd] 01/02: digestauth: use pre-calculated URI length to avoid stop at first binary zero
Previous by thread: [libmicrohttpd] branch master updated (2de47d20 -> 8e4eba0e)
Next by thread: [libmicrohttpd] 01/02: digestauth: use pre-calculated URI length to avoid stop at first binary zero
Index(es):
- Date
- Thread