diff options
author | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2022-06-23 10:12:18 +0300 |
---|---|---|
committer | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2022-06-23 11:38:54 +0300 |
commit | 23d69214bdbd0ed8a4695cfb19759af9f8f930b8 (patch) | |
tree | 23cc6252c9db28942fb837aed9ae891579196f8a | |
parent | 8b01c152a21e86a7853b0fd335e3885f0b3bd45a (diff) | |
download | libmicrohttpd-23d69214bdbd0ed8a4695cfb19759af9f8f930b8.tar.gz libmicrohttpd-23d69214bdbd0ed8a4695cfb19759af9f8f930b8.zip |
digestauth: added check whether arguments specified in the right order
-rw-r--r-- | src/microhttpd/digestauth.c | 44 |
1 files changed, 27 insertions, 17 deletions
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c index e6f68222..eb824fe2 100644 --- a/src/microhttpd/digestauth.c +++ b/src/microhttpd/digestauth.c | |||
@@ -1215,30 +1215,40 @@ test_header (void *cls, | |||
1215 | struct test_header_param *const param = (struct test_header_param *) cls; | 1215 | struct test_header_param *const param = (struct test_header_param *) cls; |
1216 | struct MHD_Connection *connection = param->connection; | 1216 | struct MHD_Connection *connection = param->connection; |
1217 | struct MHD_HTTP_Req_Header *pos; | 1217 | struct MHD_HTTP_Req_Header *pos; |
1218 | size_t i; | ||
1218 | 1219 | ||
1219 | param->num_headers++; | 1220 | param->num_headers++; |
1221 | i = 0; | ||
1220 | for (pos = connection->headers_received; NULL != pos; pos = pos->next) | 1222 | for (pos = connection->headers_received; NULL != pos; pos = pos->next) |
1221 | { | 1223 | { |
1222 | if (kind != pos->kind) | 1224 | if (kind != pos->kind) |
1223 | continue; | 1225 | continue; |
1224 | if (key_size != pos->header_size) | 1226 | if (++i == param->num_headers) |
1225 | continue; | 1227 | { |
1226 | if (value_size != pos->value_size) | 1228 | if (key_size != pos->header_size) |
1227 | continue; | 1229 | return MHD_NO; |
1228 | if (0 != memcmp (key, | 1230 | if (value_size != pos->value_size) |
1229 | pos->header, | 1231 | return MHD_NO; |
1230 | key_size)) | 1232 | if (0 != key_size) |
1231 | continue; | 1233 | { |
1232 | if ( (NULL == value) && | 1234 | mhd_assert (NULL != key); |
1233 | (NULL == pos->value) ) | 1235 | mhd_assert (NULL != pos->header); |
1236 | if (0 != memcmp (key, | ||
1237 | pos->header, | ||
1238 | key_size)) | ||
1239 | return MHD_NO; | ||
1240 | } | ||
1241 | if (0 != value_size) | ||
1242 | { | ||
1243 | mhd_assert (NULL != value); | ||
1244 | mhd_assert (NULL != pos->value); | ||
1245 | if (0 != memcmp (value, | ||
1246 | pos->value, | ||
1247 | value_size)) | ||
1248 | return MHD_NO; | ||
1249 | } | ||
1234 | return MHD_YES; | 1250 | return MHD_YES; |
1235 | if ( (NULL == value) || | 1251 | } |
1236 | (NULL == pos->value) || | ||
1237 | (0 != memcmp (value, | ||
1238 | pos->value, | ||
1239 | value_size)) ) | ||
1240 | continue; | ||
1241 | return MHD_YES; | ||
1242 | } | 1252 | } |
1243 | return MHD_NO; | 1253 | return MHD_NO; |
1244 | } | 1254 | } |