author | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2022-05-06 15:05:43 +0300 |
---|---|---|
committer | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2022-05-06 15:05:43 +0300 |
commit | 4b3895dd4aa47e550839c11889381e8442e20a4e (patch) | |
tree | 5202d819f8da62d09382558d11ea9d1730864261 | |
parent | 171e6d0591b0c81c6999a9e0d8f65b5624a76f15 (diff) | |
digestauth: added check for valid nonce format in the nonce-nc map
This is required to prevent strlen() runaway.
-rw-r--r-- | src/microhttpd/digestauth.c | 5 |
1 files changed, 5 insertions, 0 deletions
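--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -859,6 +859,11 @@ is_slot_available (const struct MHD_NonceNc *const nn,
 return true; /* Client already used the nonce in this slot at least
 one time, re-use the slot */
 
+/* The nonce must be zero-terminated */
+mhd_assert (0 == nn->nonce[sizeof(nn->nonce) - 1]);
+if (0 != nn->nonce[sizeof(nn->nonce) - 1])
+return true; /* Wrong nonce format in the slot */
+
 timestamp_valid = get_nonce_timestamp (nn->nonce, 0, ×tamp);
 mhd_assert (timestamp_valid);
 if (! timestamp_valid)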
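Review bot: The comment on the new check at new line 862 states the invariant but not why it matters or what the early return does. The commit message gives the reason (strlen() runaway), and the call just below passes 0 as the length, which presumably makes get_nonce_timestamp() measure the string itself; the comment could read `/* Must be zero-terminated: the length is taken with strlen() below. A malformed slot is reported as available so that it gets overwritten. */`. The body of is_slot_available starts and ends outside the hunk, so whether a `true` result always leads to the slot being rewritten should be confirmed against the caller. The test looks only at the last byte, which bounds the scan but does not show that the stored string is a well-formed nonce; that is left to the `timestamp_valid` check that follows.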