libmicrohttpd

HTTP/1.x server C library (MHD 1.x, stable)

commit 273a6df932af73d7c84fef8668a53b2e65311e24
parent e13c79ee3b5208c8b94538144abe58eab099b3f8
Author: Christian Grothoff <christian@grothoff.org>
Date:   Tue, 11 Dec 2018 10:06:21 +0100

remove requirement for VLA in digestauth.c logic

Diffstat:
MChangeLog | 3+++
Mconfigure.ac | 1+
Msrc/include/microhttpd.h | 2+-
Msrc/microhttpd/digestauth.c | 40+++++++++++++++++++++++++++++++++-------
Mw32/common/MHD_config.h | 3+++
5 files changed, 41 insertions(+), 8 deletions(-)

diff --git a/ChangeLog b/ChangeLog @@ -1,3 +1,6 @@ +Tue Dec 11 09:58:32 CET 2018 + Add logic to avoid VLA arrays with compilers that do not support them. -CG + Sat Dec 8 23:15:53 CET 2018 Fixed missing WSA_FLAG_OVERLAPPED which can cause W32 to block on socket races when using threadpool. (See very detailed description diff --git a/configure.ac b/configure.ac @@ -661,6 +661,7 @@ AX_CHECK_LINK_FLAG([-fno-strict-aliasing], [AX_APPEND_COMPILE_FLAGS([-fno-strict-aliasing])]) AC_C_BIGENDIAN +AC_C_VARARRAYS AC_CHECK_PROG([HAVE_CURL_BINARY],[curl],[yes],[no]) AM_CONDITIONAL([HAVE_CURL_BINARY],[test "x$HAVE_CURL_BINARY" = "xyes"]) diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h @@ -126,7 +126,7 @@ typedef intptr_t ssize_t; * Current version of the library. * 0x01093001 = 1.9.30-1. */ -#define MHD_VERSION 0x00096201 +#define MHD_VERSION 0x00096202 /** * MHD-internal return code for "YES". diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c @@ -52,6 +52,32 @@ #define NONCE_STD_LEN(digest_size) \ ((digest_size) * 2 + TIMESTAMP_BIN_SIZE * 2) + +/** + * Maximum size of any digest hash supported by MHD. + * (SHA-256 > MD5). + */ +#define MAX_DIGEST SHA256_DIGEST_SIZE + +/** + * Macro to avoid using VLAs if the compiler does not support them. + */ +#if __STDC_NO_VLA__ +/** + * Check that @a n is below #MAX_DIGEST, then return #MAX_DIGEST. + * + * @param n length of the digest to be used for a VLA + */ +#define VLA_ARRAY_LEN_DIGEST(n) (((n) <= MAX_DIGEST?1:(mhd_panic(mhd_panic_cls, __FILE__, __LINE__, "VLA too big"),1)),MAX_DIGEST) +#else +/** + * Check that @a n is below #MAX_DIGEST, then return @a n. + * + * @param n length of the digest to be used for a VLA + */ +#define VLA_ARRAY_LEN_DIGEST(n) (((n) <= MAX_DIGEST?1:(mhd_panic(mhd_panic_cls, __FILE__, __LINE__, "VLA too big"),1)),n) +#endif + /** * Beginning string for any valid Digest authentication header. */ 
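Review bot: The `AC_C_VARARRAYS` check added to configure.ac may not produce the macro that digestauth.c tests. Depending on the Autoconf version, this check defines only `HAVE_C_VARARRAYS` when VLAs work and leaves `__STDC_NO_VLA__` alone, in which case `#if __STDC_NO_VLA__` depends entirely on the compiler predefining it. It is worth confirming this against the minimum Autoconf version the project supports, or keying the fixed-size branch on `#ifndef HAVE_C_VARARRAYS` instead.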
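Review bot: In the `__STDC_NO_VLA__` branch of `VLA_ARRAY_LEN_DIGEST`, the expansion still contains a comma operator and a call to `mhd_panic()`, so it is not an integer constant expression. Arrays declared with it therefore remain variable-length as far as the language is concerned, and a compiler without VLA support is likely to reject them. Separating the size from the check fixes this: the length macro becomes plain `MAX_DIGEST` or `(n)`, and a statement macro performs the panic. Each function touched in the later hunks (digest_calc_ha1_from_digest, digest_calc_ha1_from_user, digest_calc_response, calculate_nonce, digest_auth_check_all) would invoke the check once, ideally before the array comes into scope so an oversized `digest_size` is rejected before any stack is reserved. The current `#else` expansion also leaves its trailing `n` unparenthesized and evaluates the argument twice.

```c
/* … unchanged: MAX_DIGEST definition … */

#if __STDC_NO_VLA__
/* Fixed upper bound: a constant expression, usable without VLA support. */
#define VLA_ARRAY_LEN_DIGEST(n) (MAX_DIGEST)
#else
#define VLA_ARRAY_LEN_DIGEST(n) (n)
#endif

/* Panic if the digest size @a n exceeds #MAX_DIGEST. */
#define VLA_CHECK_LEN_DIGEST(n) \
  do { \
    if ((n) > MAX_DIGEST) \
      mhd_panic (mhd_panic_cls, __FILE__, __LINE__, "VLA too big"); \
  } while (0)
```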
@@ -185,7 +211,7 @@ digest_calc_ha1_from_digest (const char *alg, (MHD_str_equal_caseless_(alg, "sha-256-sess")) ) { - uint8_t dig[da->digest_size]; + uint8_t dig[VLA_ARRAY_LEN_DIGEST(da->digest_size)]; da->init (da->ctx); da->update (da->ctx, @@ -241,7 +267,7 @@ digest_calc_ha1_from_user (const char *alg, const char *cnonce, struct DigestAlgorithm *da) { - unsigned char ha1[da->digest_size]; + unsigned char ha1[VLA_ARRAY_LEN_DIGEST(da->digest_size)]; da->init (da->ctx); da->update (da->ctx, @@ -296,8 +322,8 @@ digest_calc_response (const char *ha1, const char *hentity, struct DigestAlgorithm *da) { - unsigned char ha2[da->digest_size]; - unsigned char resphash[da->digest_size]; + unsigned char ha2[VLA_ARRAY_LEN_DIGEST(da->digest_size)]; + unsigned char resphash[VLA_ARRAY_LEN_DIGEST(da->digest_size)]; (void)hentity; /* Unused. Silence compiler warning. */ da->init (da->ctx); @@ -638,7 +664,7 @@ calculate_nonce (uint32_t nonce_time, char *nonce) { unsigned char timestamp[TIMESTAMP_BIN_SIZE]; - unsigned char tmpnonce[da->digest_size]; + unsigned char tmpnonce[VLA_ARRAY_LEN_DIGEST(da->digest_size)]; char timestamphex[TIMESTAMP_BIN_SIZE * 2 + 1]; da->init (da->ctx); @@ -815,12 +841,12 @@ digest_auth_check_all (struct MHD_Connection *connection, const char *header; char nonce[MAX_NONCE_LENGTH]; char cnonce[MAX_NONCE_LENGTH]; - char ha1[da->digest_size * 2 + 1]; + char ha1[VLA_ARRAY_LEN_DIGEST(da->digest_size) * 2 + 1]; char qop[15]; /* auth,auth-int */ char nc[20]; char response[MAX_AUTH_RESPONSE_LENGTH]; const char *hentity = NULL; /* "auth-int" is not supported */ - char noncehashexp[NONCE_STD_LEN(da->digest_size) + 1]; + char noncehashexp[NONCE_STD_LEN(VLA_ARRAY_LEN_DIGEST(da->digest_size)) + 1]; uint32_t nonce_time; uint32_t t; size_t left; /* number of characters left in 'header' for 'uri' */ diff --git a/w32/common/MHD_config.h b/w32/common/MHD_config.h 
@@ -9,6 +9,9 @@ /* Define if MS VC compiler is used */ #define MSVC 1 +/* Define that MS VC does not support VLAs */ +#define __STDC_NO_VLA__ 1 + /* Define to 1 if your C compiler supports inline functions. */ #define INLINE_FUNC 1
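Review bot: `__STDC_NO_VLA__` is a name the C standard reserves for the compiler to predefine, and the new `#define` in MHD_config.h sets it unconditionally. A toolchain that already predefines it will see a redefinition, and defining a reserved predefined macro from project code is formally outside what the standard permits. Guarding the definition with `#ifndef __STDC_NO_VLA__` / `#define __STDC_NO_VLA__ 1` / `#endif`, or having digestauth.c test a project-owned macro name instead, would avoid both problems.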