remove requirement for VLA in digestauth.c logic

author: Christian Grothoff <christian@grothoff.org> 2018-12-11 10:06:21 +0100
committer: Christian Grothoff <christian@grothoff.org> 2018-12-11 10:06:42 +0100
commit: 273a6df932af73d7c84fef8668a53b2e65311e24 (patch)
tree: 4f562f84988aa6bc512a5d88c4bdc79e4c77180c
parent: e13c79ee3b5208c8b94538144abe58eab099b3f8 (diff)
download: libmicrohttpd-273a6df932af73d7c84fef8668a53b2e65311e24.tar.gz
libmicrohttpd-273a6df932af73d7c84fef8668a53b2e65311e24.zip
5 files changed, 41 insertions, 8 deletions
diff --git a/ChangeLog b/ChangeLog
index 5ff5acc9..c250ef2e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,6 @@
+Tue Dec 11 09:58:32 CET 2018
+        Add logic to avoid VLA arrays with compilers that do not support them. -CG
 Sat Dec  8 23:15:53 CET 2018
        Fixed missing WSA_FLAG_OVERLAPPED which can cause W32 to block on
        socket races when using threadpool. (See very detailed description
diff --git a/configure.ac b/configure.ac
index 9e0b6e12..a03205dc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -661,6 +661,7 @@ AX_CHECK_LINK_FLAG([-fno-strict-aliasing],
  [AX_APPEND_COMPILE_FLAGS([-fno-strict-aliasing])])
 AC_C_BIGENDIAN
+AC_C_VARARRAYS
 AC_CHECK_PROG([HAVE_CURL_BINARY],[curl],[yes],[no])
 AM_CONDITIONAL([HAVE_CURL_BINARY],[test "x$HAVE_CURL_BINARY" = "xyes"])
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
index 1d966233..dba9a4ca 100644
--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -126,7 +126,7 @@ typedef intptr_t ssize_t;
 * Current version of the library.
 * 0x01093001 = 1.9.30-1.
 */
-#define MHD_VERSION 0x00096201
+#define MHD_VERSION 0x00096202
 /**
 * MHD-internal return code for "YES".
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index 424c3761..af146c31 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -52,6 +52,32 @@
 #define NONCE_STD_LEN(digest_size) \
  ((digest_size) * 2 + TIMESTAMP_BIN_SIZE * 2)
+/**
+ * Maximum size of any digest hash supported by MHD.
+ * (SHA-256 > MD5).
+ */
+#define MAX_DIGEST SHA256_DIGEST_SIZE
+/**
+ * Macro to avoid using VLAs if the compiler does not support them.
+ */
+#if __STDC_NO_VLA__
+/**
+ * Check that @a n is below #MAX_DIGEST, then return #MAX_DIGEST.
+ *
+ * @param n length of the digest to be used for a VLA
+ */
+#define VLA_ARRAY_LEN_DIGEST(n) (((n) <= MAX_DIGEST?1:(mhd_panic(mhd_panic_cls, __FILE__, __LINE__, "VLA too big"),1)),MAX_DIGEST)
+#else
+/**
+ * Check that @a n is below #MAX_DIGEST, then return @a n.
+ *
+ * @param n length of the digest to be used for a VLA
+ */
+#define VLA_ARRAY_LEN_DIGEST(n) (((n) <= MAX_DIGEST?1:(mhd_panic(mhd_panic_cls, __FILE__, __LINE__, "VLA too big"),1)),n)
+#endif
 /**
 * Beginning string for any valid Digest authentication header.
 */
@@ -185,7 +211,7 @@ digest_calc_ha1_from_digest (const char *alg,
       (MHD_str_equal_caseless_(alg,
                                "sha-256-sess")) )
    {
-      uint8_t dig[da->digest_size];
+      uint8_t dig[VLA_ARRAY_LEN_DIGEST(da->digest_size)];
      da->init (da->ctx);
      da->update (da->ctx,
@@ -241,7 +267,7 @@ digest_calc_ha1_from_user (const char *alg,
                           const char *cnonce,
                           struct DigestAlgorithm *da)
 {
-  unsigned char ha1[da->digest_size];
+  unsigned char ha1[VLA_ARRAY_LEN_DIGEST(da->digest_size)];
  da->init (da->ctx);
  da->update (da->ctx,
@@ -296,8 +322,8 @@ digest_calc_response (const char *ha1,
                      const char *hentity,
                      struct DigestAlgorithm *da)
 {
-  unsigned char ha2[da->digest_size];
+  unsigned char ha2[VLA_ARRAY_LEN_DIGEST(da->digest_size)];
-  unsigned char resphash[da->digest_size];
+  unsigned char resphash[VLA_ARRAY_LEN_DIGEST(da->digest_size)];
  (void)hentity; /* Unused. Silence compiler warning. */
  da->init (da->ctx);
@@ -638,7 +664,7 @@ calculate_nonce (uint32_t nonce_time,
                 char *nonce)
 {
  unsigned char timestamp[TIMESTAMP_BIN_SIZE];
-  unsigned char tmpnonce[da->digest_size];
+  unsigned char tmpnonce[VLA_ARRAY_LEN_DIGEST(da->digest_size)];
  char timestamphex[TIMESTAMP_BIN_SIZE * 2 + 1];
  da->init (da->ctx);
@@ -815,12 +841,12 @@ digest_auth_check_all (struct MHD_Connection *connection,
  const char *header;
  char nonce[MAX_NONCE_LENGTH];
  char cnonce[MAX_NONCE_LENGTH];
-  char ha1[da->digest_size * 2 + 1];
+  char ha1[VLA_ARRAY_LEN_DIGEST(da->digest_size) * 2 + 1];
  char qop[15]; /* auth,auth-int */
  char nc[20];
  char response[MAX_AUTH_RESPONSE_LENGTH];
  const char *hentity = NULL; /* "auth-int" is not supported */
-  char noncehashexp[NONCE_STD_LEN(da->digest_size) + 1];
+  char noncehashexp[NONCE_STD_LEN(VLA_ARRAY_LEN_DIGEST(da->digest_size)) + 1];
  uint32_t nonce_time;
  uint32_t t;
  size_t left; /* number of characters left in 'header' for 'uri' */
diff --git a/w32/common/MHD_config.h b/w32/common/MHD_config.h
index 21db7eae..964df10d 100644
--- a/w32/common/MHD_config.h
+++ b/w32/common/MHD_config.h
@@ -9,6 +9,9 @@
 /* Define if MS VC compiler is used */
 #define MSVC 1
+/* Define that MS VC does not support VLAs */
+#define __STDC_NO_VLA__ 1
 /* Define to 1 if your C compiler supports inline functions. */
 #define INLINE_FUNC 1
author	Christian Grothoff <christian@grothoff.org>	2018-12-11 10:06:21 +0100
committer	Christian Grothoff <christian@grothoff.org>	2018-12-11 10:06:42 +0100
commit	273a6df932af73d7c84fef8668a53b2e65311e24 (patch)
tree	4f562f84988aa6bc512a5d88c4bdc79e4c77180c
parent	e13c79ee3b5208c8b94538144abe58eab099b3f8 (diff)
download	libmicrohttpd-273a6df932af73d7c84fef8668a53b2e65311e24.tar.gz libmicrohttpd-273a6df932af73d7c84fef8668a53b2e65311e24.zip