digest_auth_check(): removed one more large local variable - libmicrohttpd - HTTP/1.x server C library (MHD 1.x, stable)

commit 76813be7bf4d60affa5c0c163624346e9ffc9ce1
parent 98ade6e6fee9811dbeaacba2b4b6e5c05da65334
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
Date:   Tue, 19 Jul 2022 21:01:14 +0300

digest_auth_check(): removed one more large local variable

Diffstat:
M src/microhttpd/digestauth.c  | 6 +++---

1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
@@ -1948,7 +1948,6 @@ digest_auth_check_all_inner (struct MHD_Connection *connection,
 #if 0
   const char *hentity = NULL; /* "auth-int" is not supported */
 #endif
-  char noncehashexp[NONCE_STD_LEN (VLA_ARRAY_LEN_DIGEST (digest_size)) + 1];
   uint64_t nonce_time;
   uint64_t t;
   uint64_t nci;
@@ -2223,6 +2222,7 @@ digest_auth_check_all_inner (struct MHD_Connection *connection,
     return MHD_DAUTH_RESPONSE_WRONG;
   response_bin = NULL;
 
+  mhd_assert (sizeof(tmp1) >= (NONCE_STD_LEN (digest_size) + 1));
   /* It was already checked that 'nonce' (including timestamp) was generated
      by MHD. The next check is mostly an overcaution. */
   calculate_nonce (nonce_time,
@@ -2235,9 +2235,9 @@ digest_auth_check_all_inner (struct MHD_Connection *connection,
                    realm,
                    realm_len,
                    da,
-                   noncehashexp);
+                   tmp1);
 
-  if (! is_param_equal (&params->nonce, noncehashexp,
+  if (! is_param_equal (&params->nonce, tmp1,
                         NONCE_STD_LEN (digest_size)))
     return MHD_DAUTH_NONCE_WRONG;
   /* The 'nonce' was generated in the same conditions */

	libmicrohttpd HTTP/1.x server C library (MHD 1.x, stable)
	Log \| Files \| Refs \| Submodules \| README \| LICENSE