author | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2022-08-09 19:59:20 +0300 |
---|---|---|
committer | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2022-08-09 21:24:55 +0300 |
commit | 228ddbd181aa6562331f3841649637d73e9d3855 (patch) | |
tree | 26217e56f7836a6993a542f8779243f957cd5851 | |
parent | 20001736f8970e3fdf0e8dc6018bfe2cfdeec950 (diff) | |
digestauth: limit nonce-count to uint32_t
-rw-r--r-- | src/microhttpd/digestauth.c | 6 | ||||
-rw-r--r-- | src/microhttpd/internal.h | 2 |
2 files changed, 4 insertions, 4 deletions
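--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -590,7 +590,7 @@ check_nonce_nc (struct MHD_Connection *connection,
 mod = daemon->nonce_nc_size;
 if (0 == mod)
 return MHD_CHECK_NONCENC_STALE; /* no array! */
-if (nc >= UINT64_MAX - 64)
+if (nc >= UINT32_MAX - 64)
 return MHD_CHECK_NONCENC_STALE; /* Overflow, unrealistically high value */
 
 nn = &daemon->nnc[get_nonce_nc_idx (mod, nonce, noncelen)];
@@ -649,7 +649,7 @@ check_nonce_nc (struct MHD_Connection *connection,
 else if (nc > nn->nc)
 {
 /* 'nc' is larger, shift bitmask and bump limit */
-const uint64_t jump_size = nc - nn->nc;
+const uint32_t jump_size = (uint32_t) nc - nn->nc;
 if (64 > jump_size)
 {
 /* small jump, less than mask width */
@@ -661,7 +661,7 @@ check_nonce_nc (struct MHD_Connection *connection,
 nn->nmask = (UINT64_C (1) << 63);
 else
 nn->nmask = 0; /* big jump, unset all bits in the mask */
-nn->nc = nc;
+nn->nc = (uint32_t) nc;
 ret = MHD_CHECK_NONCENC_OK;
 }
 else if (nc < nn->nc)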
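Review bot: The narrowing casts at new lines 652 and 664 (`(uint32_t) nc`) are lossless only because of the range check at line 593, about sixty lines earlier, and nothing at the cast sites records that dependency. The declaration of `nc` is outside these hunks, but the casts suggest it is still wider than 32 bits. If the guard is ever moved or relaxed, a large client-supplied count could be stored truncated, which would lower the stored counter and weaken replay detection. I would add a comment at the first cast, for example `/* nc < UINT32_MAX - 64 is guaranteed by the range check above, so the cast cannot truncate */`, and reword the comment on line 594 to say the limit is the 32-bit counter range. check_nonce_nc begins and ends outside all three hunks.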
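--- a/src/microhttpd/internal.h
+++ b/src/microhttpd/internal.h
@@ -268,7 +268,7 @@ struct MHD_NonceNc
 * 'nc' value.
 * This 'nc' value was already used by the client.
 */
-uint64_t nc;
+uint32_t nc;
 
 /**
 * Bitmask over the previous 64 nonce counter values (down to to nc-64).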
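Review bot: The doc comment above `nc` (lines 268-270) does not mention that the field is now 32 bits wide, nor that writers must range-check the client-supplied count before storing it. The only writer visible on this page is check_nonce_nc in digestauth.c, which does so. Any other code that assigns a wider value would truncate silently and could make a previously used count look unused. I would add a line to the comment such as `* Limited to 32 bits; the value must be range-checked before it is stored here.` The struct definition starts and continues outside this hunk.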