libmicrohttpd

HTTP/1.x server C library (MHD 1.x, stable)

commit 05a79fdb36600236bb52b9a7830e627fa3c5e9ca
parent 9f226932dca5215dfbabc6ac243e37b349371daf
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
Date:   Fri,  6 May 2022 11:37:23 +0300

digestauth: fixed logic of free nonce-nc slot detection

Diffstat:
Msrc/microhttpd/digestauth.c | 11++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
@@ -845,11 +845,8 @@ is_slot_available (const struct MHD_NonceNc *const nn,
 if (0 == nn->nonce[0])
 return true; /* The slot is empty */
- if (0 != nn->nc)
- return true; /* Client already used the nonce in this slot at least
- one time, re-use the slot */
-
- if (0 == memcmp (nn->nonce, new_nonce, new_nonce_len + 1))
+ if ((0 == memcmp (nn->nonce, new_nonce, new_nonce_len)) &&
+ (0 == nn->nonce[new_nonce_len]))
 {
 /* The slot has the same nonce already, the same nonce was already generated
 * and used, this slot cannot be used with the same nonce as it would
@@ -857,6 +854,10 @@ is_slot_available (const struct MHD_NonceNc *const nn,
 return false;
 }
+ if (0 != nn->nc)
+ return true; /* Client already used the nonce in this slot at least
+ one time, re-use the slot */
+
 timestamp_valid = get_nonce_timestamp (nn->nonce, 0, &timestamp);
 mhd_assert (timestamp_valid);
 if (! timestamp_valid)
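Review bot: The new second operand in the first hunk indexes `nn->nonce[new_nonce_len]`, and no bound on `new_nonce_len` is visible there, so a length equal to or larger than the slot's nonce buffer would read past it. is_slot_available starts above the hunk, so a check may already exist. If it does not, an assertion ahead of the comparison would make the precondition explicit, for example `mhd_assert (new_nonce_len < sizeof (nn->nonce));`, assuming `nonce` is a fixed-size array member. The comparison also no longer reads `new_nonce[new_nonce_len]`, so the function's comment could state that `new_nonce` need not be NUL-terminated.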
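Review bot: The relocated `if (0 != nn->nc)` test in the second hunk is now order-sensitive, and nothing in the code says so. It appears to be safe only after the same-nonce comparison, since reporting a slot that already holds this nonce as free would presumably let its stored nc state be overwritten. A comment on the block would keep a later refactor from moving it back above that comparison, e.g. `/* Keep after the same-nonce check: a slot holding this nonce must never be reported free */`. The function body continues past the end of the hunk, so how callers treat a `true` result is not visible here.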