commit 6245c9a0a2d5dadbb87474b36f09a07ec0cf6d26
parent f7d878ed667da7da65a14542561c84b16a615062
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
Date: Wed, 4 May 2022 14:07:29 +0300
digestauth: added run-time checks for algo value
Diffstat:
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
@@ -1305,6 +1305,8 @@ MHD_digest_auth_check2 (struct MHD_Connection *connection,
SETUP_DA (algo, da);
mhd_assert (NULL != password);
+ if (0 == da.digest_size)
+ MHD_PANIC (_ ("Wrong algo value.\n")); /* API violation! */
return digest_auth_check_all (connection,
&da,
realm,
@@ -1344,7 +1346,7 @@ MHD_digest_auth_check_digest2 (struct MHD_Connection *connection,
SETUP_DA (algo, da);
mhd_assert (NULL != digest);
- if (da.digest_size != digest_size)
+ if ((da.digest_size != digest_size) || (0 == digest_size))
MHD_PANIC (_ ("Digest size mismatch.\n")); /* API violation! */
return digest_auth_check_all (connection,
&da,
@@ -1418,6 +1420,9 @@ MHD_queue_auth_fail_response2 (struct MHD_Connection *connection,
int hlen;
SETUP_DA (algo, da);
+ if (0 == da.digest_size)
+ MHD_PANIC (_ ("Wrong algo value.\n")); /* API violation! */
+
if (NULL == response)
return MHD_NO;
