commit 6224ac6264f0f582af7584696ae6081cfa84237a
parent 5658583a8811537a5a42d5c7a93d6b4d9c685327
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
Date: Mon, 2 May 2022 14:19:49 +0300
digestauth: use mseconds for timestamp
Nonce clashes are less likely with a higher timestamp resolution
Diffstat:
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
@@ -1018,13 +1018,13 @@ digest_auth_check_all (struct MHD_Connection *connection,
return MHD_NO;
}
- t = (uint64_t) MHD_monotonic_sec_counter ();
+ t = MHD_monotonic_msec_counter ();
/*
* First level vetting for the nonce validity: if the timestamp
* attached to the nonce exceeds `nonce_timeout', then the nonce is
* invalid.
*/
- if (TRIM_TO_TIMESTAMP (t - nonce_time) > nonce_timeout)
+ if (TRIM_TO_TIMESTAMP (t - nonce_time) > (nonce_timeout * 1000))
{
/* too old */
return MHD_INVALID_NONCE;
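Review bot: The product `nonce_timeout * 1000` in the new comparison is evaluated in the type of `nonce_timeout`, which this hunk does not show. If that type is a 32-bit `unsigned int`, a timeout above roughly 4.29 million seconds (about 49 days) wraps, and nonces would be rejected as stale much earlier than configured. Widening before the multiply avoids this: `if (TRIM_TO_TIMESTAMP (t - nonce_time) > ((uint64_t) nonce_timeout) * 1000)`. The comment above the check should also state the units, e.g. `/* t and nonce_time are in milliseconds, nonce_timeout is in seconds */`, because the function now mixes both. digest_auth_check_all starts and ends outside the hunk.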
@@ -1447,7 +1447,7 @@ MHD_queue_auth_fail_response2 (struct MHD_Connection *connection,
VLA_CHECK_LEN_DIGEST (da.digest_size);
/* Generating the server nonce */
- calculate_nonce ((uint64_t) MHD_monotonic_sec_counter (),
+ calculate_nonce (MHD_monotonic_msec_counter (),
connection->method,
connection->daemon->digest_auth_random,
connection->daemon->digest_auth_rand_size,
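Review bot: Nonce uniqueness at this `calculate_nonce` call still depends on clock resolution. Judging by the visible arguments, two auth-fail responses for the same method generated within the same millisecond pass the same timestamp and the same daemon random data, so they could receive an identical nonce. The call continues past the end of the hunk, so the remaining inputs may differ. If the nonce tracking on the check side assumes one nonce per challenge, record the limit at the call site, e.g. `/* identical requests within one millisecond may get the same nonce */`, or mix a per-daemon counter into the nonce input in a follow-up.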
diff --git a/src/microhttpd/internal.h b/src/microhttpd/internal.h
@@ -236,7 +236,7 @@ enum MHD_ConnectionEventLoopInfo
/**
* Maximum length of a nonce in digest authentication. 64(SHA-256 Hex) +
- * 8(Timestamp Hex) + 1(NULL); hence 73 should suffice, but Opera
+ * 12(Timestamp Hex) + 1(NULL); hence 77 should suffice, but Opera
* (already) takes more (see Mantis #1633), so we've increased the
* value to support something longer...
*/