[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[libmicrohttpd] 06/14: digest_auth_check(): removed one more large local
From: |
gnunet |
Subject: |
[libmicrohttpd] 06/14: digest_auth_check(): removed one more large local variable |
Date: |
Thu, 21 Jul 2022 14:08:04 +0200 |
This is an automated email from the git hooks/post-receive script.
karlson2k pushed a commit to branch master
in repository libmicrohttpd.
commit 76813be7bf4d60affa5c0c163624346e9ffc9ce1
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
AuthorDate: Tue Jul 19 21:01:14 2022 +0300
digest_auth_check(): removed one more large local variable
---
src/microhttpd/digestauth.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index d71af682..f55a93d1 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -1948,7 +1948,6 @@ digest_auth_check_all_inner (struct MHD_Connection
*connection,
#if 0
const char *hentity = NULL; /* "auth-int" is not supported */
#endif
- char noncehashexp[NONCE_STD_LEN (VLA_ARRAY_LEN_DIGEST (digest_size)) + 1];
uint64_t nonce_time;
uint64_t t;
uint64_t nci;
@@ -2223,6 +2222,7 @@ digest_auth_check_all_inner (struct MHD_Connection
*connection,
return MHD_DAUTH_RESPONSE_WRONG;
response_bin = NULL;
+ mhd_assert (sizeof(tmp1) >= (NONCE_STD_LEN (digest_size) + 1));
/* It was already checked that 'nonce' (including timestamp) was generated
by MHD. The next check is mostly an overcaution. */
calculate_nonce (nonce_time,
@@ -2235,9 +2235,9 @@ digest_auth_check_all_inner (struct MHD_Connection
*connection,
realm,
realm_len,
da,
- noncehashexp);
+ tmp1);
- if (! is_param_equal (¶ms->nonce, noncehashexp,
+ if (! is_param_equal (¶ms->nonce, tmp1,
NONCE_STD_LEN (digest_size)))
return MHD_DAUTH_NONCE_WRONG;
/* The 'nonce' was generated in the same conditions */
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
- [libmicrohttpd] branch master updated (bd88a19e -> 22796735), gnunet, 2022/07/21
- [libmicrohttpd] 01/14: test_basicauth: Fixed doxy, gnunet, 2022/07/21
- [libmicrohttpd] 02/14: test_digest: improved test URI, gnunet, 2022/07/21
- [libmicrohttpd] 04/14: digestauth: simplified internal function call, gnunet, 2022/07/21
- [libmicrohttpd] 03/14: digestauth: added small helper function to simplify the code, gnunet, 2022/07/21
- [libmicrohttpd] 06/14: digest_auth_check(): removed one more large local variable,
gnunet <=
- [libmicrohttpd] 07/14: digest calculations: further simplified code, removed some local variables, gnunet, 2022/07/21
- [libmicrohttpd] 08/14: digestauth: removed usage of variable-length arrays, gnunet, 2022/07/21
- [libmicrohttpd] 11/14: digestauth: fixed username extraction with the new API, gnunet, 2022/07/21
- [libmicrohttpd] 10/14: digest_auth_check(): updated the order of parameters check, gnunet, 2022/07/21
- [libmicrohttpd] 12/14: digestauth: do not allocate extra space for extended notation, gnunet, 2022/07/21
- [libmicrohttpd] 05/14: digestauth: added sanity check for digest macros, gnunet, 2022/07/21
- [libmicrohttpd] 09/14: digest_auth_check(): added support for username in extended notation, gnunet, 2022/07/21
- [libmicrohttpd] 13/14: digestauth: added support for extended notation for old API, gnunet, 2022/07/21
- [libmicrohttpd] 14/14: Added test for Digest Auth with username in extended notation, gnunet, 2022/07/21