commit 961635da2a9d7363528940f4fa7a0148e96e90d8 parent 7e5206cc032c965f228d77696392d430ef4b5aa9 Author: Evgeny Grin (Karlson2k) <k2k@narod.ru> Date: Thu, 21 Jul 2022 18:59:06 +0300 digest_auth_check(): added check for too large realm value Diffstat:
| M | src/microhttpd/digestauth.c | | | 3 | +++ |
1 file changed, 3 insertions(+), 0 deletions(-)
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c @@ -1973,6 +1973,9 @@ digest_auth_check_all_inner (struct MHD_Connection *connection, if (NULL == params->realm.value.str) return MHD_DAUTH_WRONG_HEADER; + else if (((NULL == digest) || params->userhash) && + (_MHD_AUTH_DIGEST_MAX_PARAM_SIZE < params->realm.value.len)) + return MHD_DAUTH_TOO_LARGE; /* Realm is too large and it will be used in hash calculations */ if (NULL == params->nc.value.str) return MHD_DAUTH_WRONG_HEADER;