[libmicrohttpd] [digest-auth]: bug in hash algorithm

From: Andreas Wehrmann <a.wehrmann@centersystems.com> To: libmicrohttpd@gnu.org Date: Today 08:58:43 am Spam Status: Spamassassin 0% probability of being spam. Full report: Probability=No, score=-3.2 required=7.0 tests=AWL,BAYES_00 autolearn=ham version=3.2.5-tuminfo_1 Hello! I wrote a little testpage that I deliver using libmicrohttpd using digest authentication. The testpage consists of four files (framed page + image file). When I initially connected to the webserver via the browser it correctly challenged me for my credentials. However, after entering the username and password the index file got loaded but it happened that the browser then challenged me again for each additional file to be loaded. Since this is very annoying I tried increasing the nonce table size to 3000 (was default) but it was no good. I then dug a little deeper and found out, that the hash algorithm to determine the index for a given nonce always returned zero thus overwriting other nonces. The offending line is at check_nonce_nc() in digestauth.c:313: off = (off << 8) | (*np & (off >> 24)); whereas is should be: off = (off << 8) | (*np ^ (off >> 24)); Since "off" is initialized with zero and an unsigned integer a logical AND returns zero which is not right obviously. After this fix, the server challenged me only once and I got "random" indices. I found the problem in libmicrohttpd 0.9.5. Best regards, Andreas Wehrmann -- Dipl.-Ing. (FH) Andreas Wehrmann Software Development -------------------------------------------------------------- Center Communication Systems GmbH A-1210 Wien, Ignaz-Köck-Straße 19 Sitz in Wien FN 796 88p, Firmenbuchgericht Wien www.centersystems.com Tel.: +43 (0) 190 199 - 3616 Mobile: +43 (0) 664 884 75916 Fax: +43 (0) 190 199 - 2110 E-Mail: a.wehrmann@centersystems.com
author: Christian Grothoff <christian@grothoff.org> 2011-01-18 23:00:02 +0000
committer: Christian Grothoff <christian@grothoff.org> 2011-01-18 23:00:02 +0000
commit: 5a6952fe90fdfbb311d81fb4ac96027bec867d8e (patch)
tree: 3f41cbb70f862cfd205b5958bc4e031706353216
parent: 3d970622b770a16dde6b1e552d51c48ecdb5d7f1 (diff)
download: libmicrohttpd-5a6952fe90fdfbb311d81fb4ac96027bec867d8e.tar.gz
libmicrohttpd-5a6952fe90fdfbb311d81fb4ac96027bec867d8e.zip
3 files changed, 7 insertions, 1 deletions
diff --git a/AUTHORS b/AUTHORS
index 68628285..8c663bc4 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -28,6 +28,7 @@ Geoffrey McRae <geoff@spacevs.com>
 Piotr Grzybowski <narsil.pl@gmail.com>
 Gerrit Telkamp <g.telkamp@domologic.de>
 Erik Slagter <erik@slagter.name>
+Andreas Wehrmann <a.wehrmann@centersystems.com>
 Documentation contributions also came from:
 Marco Maggi <marco.maggi-ipsu@poste.it>
diff --git a/ChangeLog b/ChangeLog
index bfc0af83..c9847cbc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Tue Jan 18 23:58:09 CET 2011
+        Fixing hash calculation in digest auth; old function had
+        collisions causing the browser to challenge users for
+        authentication too often. -CG/AW
 Fri Jan 14 19:19:45 CET 2011
        Removing dead code, adding missing new symbols to export list.
        Fixed two missing NULL checks after malloc operations. -CG
diff --git a/src/daemon/digestauth.c b/src/daemon/digestauth.c
index 72bff56f..4415902b 100644
--- a/src/daemon/digestauth.c
+++ b/src/daemon/digestauth.c
@@ -310,7 +310,7 @@ check_nonce_nc (struct MHD_Connection *connection,
  np = nonce;
  while (*np != '\0')
    {
-      off = (off << 8) | (*np & (off >> 24));
+      off = (off << 8) | (*np ^ (off >> 24));
      np++;
    }
  off = off % mod;
author	Christian Grothoff <christian@grothoff.org>	2011-01-18 23:00:02 +0000
committer	Christian Grothoff <christian@grothoff.org>	2011-01-18 23:00:02 +0000
commit	5a6952fe90fdfbb311d81fb4ac96027bec867d8e (patch)
tree	3f41cbb70f862cfd205b5958bc4e031706353216
parent	3d970622b770a16dde6b1e552d51c48ecdb5d7f1 (diff)
download	libmicrohttpd-5a6952fe90fdfbb311d81fb4ac96027bec867d8e.tar.gz libmicrohttpd-5a6952fe90fdfbb311d81fb4ac96027bec867d8e.zip