brutally simplify VLA macro for stupid compilers

author: Christian Grothoff <christian@grothoff.org> 2018-12-12 01:45:57 +0100
committer: Christian Grothoff <christian@grothoff.org> 2018-12-12 01:45:57 +0100
commit: 5d75a87ef6270e65c54f63b66f8d9c8052ef60e9 (patch)
tree: 78bd8b7c87f875eb7174f9cd4e1440bcdcb7fcd2
parent: 7ea8a3310e44d1ee3f455c3c1a1c630ca54057b3 (diff)
download: libmicrohttpd-5d75a87ef6270e65c54f63b66f8d9c8052ef60e9.tar.gz
libmicrohttpd-5d75a87ef6270e65c54f63b66f8d9c8052ef60e9.zip
3 files changed, 19 insertions, 21 deletions
diff --git a/configure.ac b/configure.ac
index a03205dc..44c7d294 100644
--- a/configure.ac
+++ b/configure.ac
@@ -743,7 +743,7 @@ fd = epoll_create1(EPOLL_CLOEXEC);]])],
    AC_DEFINE([[HAVE_EPOLL_CREATE1]], [[1]], [Define if you have epoll_create1 function.])]))
 # Check for headers that are ALWAYS required
-AC_CHECK_HEADERS([fcntl.h math.h errno.h limits.h stdio.h locale.h sys/stat.h sys/types.h], [], [AC_MSG_ERROR([Compiling libmicrohttpd requires standard UNIX headers files])], [AC_INCLUDES_DEFAULT])
+AC_CHECK_HEADERS_ONCE([fcntl.h math.h errno.h limits.h stdio.h locale.h sys/stat.h sys/types.h], [], [AC_MSG_ERROR([Compiling libmicrohttpd requires standard UNIX headers files])], [AC_INCLUDES_DEFAULT])
 # Check for optional headers
 AC_CHECK_HEADERS([sys/types.h sys/time.h sys/msg.h time.h sys/mman.h sys/ioctl.h \
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index 1eea4446..d4e23fef 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -59,40 +59,31 @@
 */
 #define MAX_DIGEST SHA256_DIGEST_SIZE
-#define MAX_NONCE NONCE_STD_LEN((MAX_DIGEST)+1)
 /**
 * Macro to avoid using VLAs if the compiler does not support them.
 */
 #if __STDC_NO_VLA__
 /**
- * Check that @a n is below #MAX_DIGEST, then return #MAX_DIGEST.
+ * Return #MAX_DIGEST.
 *
 * @param n length of the digest to be used for a VLA
 */
-#define VLA_ARRAY_LEN_DIGEST(n) (((n) <= MAX_DIGEST?1:(mhd_panic(mhd_panic_cls, __FILE__, __LINE__, "VLA too big"),1)),MAX_DIGEST)
+#define VLA_ARRAY_LEN_DIGEST(n) (MAX_DIGEST)
-/**
- * Check that @a n is below #MAX_NONCE, then return #MAX_NONCE.
- *
- * @param n length of the digest to be used for a VLA
- */
-#define VLA_ARRAY_LEN_NONCE(n) (((n) <= MAX_NONCE?1:(mhd_panic(mhd_panic_cls, __FILE__, __LINE__, "VLA too big"),1)),MAX_NONCE)
 #else
 /**
- * Check that @a n is below #MAX_DIGEST, then return @a n.
+ * Return @a n.
 *
 * @param n length of the digest to be used for a VLA
 */
-#define VLA_ARRAY_LEN_DIGEST(n) (((n) <= MAX_DIGEST?1:(mhd_panic(mhd_panic_cls, __FILE__, __LINE__, "VLA too big"),1)),n)
+#define VLA_ARRAY_LEN_DIGEST(n) (n)
+#endif
 /**
- * Check that @a n is below #MAX_NONCE, then return @a n.
+ * Check that @a n is below #MAX_NONCE
- *
- * @param n length of the digest to be used for a VLA
 */
-#define VLA_ARRAY_LEN_NONCE(n) (((n) <= MAX_NONCE?1:(mhd_panic(mhd_panic_cls, __FILE__, __LINE__, "VLA too big"),1)),n)
+#define VLA_CHECK_LEN_DIGEST(n) do { if ((n) > MAX_DIGEST) mhd_panic(mhd_panic_cls, __FILE__, __LINE__, "VLA too big"); } while (0)
-#endif
 /**
 * Beginning string for any valid Digest authentication header.
@@ -229,6 +220,7 @@ digest_calc_ha1_from_digest (const char *alg,
    {
      uint8_t dig[VLA_ARRAY_LEN_DIGEST(da->digest_size)];
+      VLA_CHECK_LEN_DIGEST(da->digest_size);
      da->init (da->ctx);
      da->update (da->ctx,
                  digest,
@@ -285,6 +277,7 @@ digest_calc_ha1_from_user (const char *alg,
 {
  unsigned char ha1[VLA_ARRAY_LEN_DIGEST(da->digest_size)];
+  VLA_CHECK_LEN_DIGEST(da->digest_size);
  da->init (da->ctx);
  da->update (da->ctx,
             (const unsigned char *) username,
@@ -342,6 +335,7 @@ digest_calc_response (const char *ha1,
  unsigned char resphash[VLA_ARRAY_LEN_DIGEST(da->digest_size)];
  (void)hentity; /* Unused. Silence compiler warning. */
+  VLA_CHECK_LEN_DIGEST(da->digest_size);
  da->init (da->ctx);
  da->update (da->ctx,
              (const unsigned char *) method,
@@ -683,6 +677,7 @@ calculate_nonce (uint32_t nonce_time,
  unsigned char tmpnonce[VLA_ARRAY_LEN_DIGEST(da->digest_size)];
  char timestamphex[TIMESTAMP_BIN_SIZE * 2 + 1];
+  VLA_CHECK_LEN_DIGEST(da->digest_size);
  da->init (da->ctx);
  timestamp[0] = (unsigned char)((nonce_time & 0xff000000) >> 0x18);
  timestamp[1] = (unsigned char)((nonce_time & 0x00ff0000) >> 0x10);
@@ -868,6 +863,7 @@ digest_auth_check_all (struct MHD_Connection *connection,
  size_t left; /* number of characters left in 'header' for 'uri' */
  uint64_t nci;
+  VLA_CHECK_LEN_DIGEST(da->digest_size);
  header = MHD_lookup_connection_value (connection,
                                        MHD_HEADER_KIND,
                                        MHD_HTTP_HEADER_AUTHORIZATION);
@@ -1336,7 +1332,9 @@ MHD_queue_auth_fail_response2 (struct MHD_Connection *connection,
  SETUP_DA (algo, da);
  {
-    char nonce[VLA_ARRAY_LEN_NONCE (NONCE_STD_LEN(da.digest_size) + 1)];
+    char nonce[NONCE_STD_LEN(VLA_ARRAY_LEN_DIGEST (da.digest_size)) + 1];
+    VLA_CHECK_LEN_DIGEST(da.digest_size);
    /* Generating the server nonce */
    calculate_nonce ((uint32_t) MHD_monotonic_sec_counter(),
                     connection->method,
diff --git a/src/microhttpd/internal.h b/src/microhttpd/internal.h
index 97db942f..0ce0b0c8 100644
--- a/src/microhttpd/internal.h
+++ b/src/microhttpd/internal.h
@@ -209,8 +209,8 @@ enum MHD_ConnectionEventLoopInfo
 #define MHD_TEST_ALLOW_SUSPEND_RESUME 8192
 /**
- * Maximum length of a nonce in digest authentication.  32(MD5 Hex) +
+ * Maximum length of a nonce in digest authentication.  64(SHA-256 Hex) +
- * 8(Timestamp Hex) + 1(NULL); hence 41 should suffice, but Opera
+ * 8(Timestamp Hex) + 1(NULL); hence 73 should suffice, but Opera
 * (already) takes more (see Mantis #1633), so we've increased the
 * value to support something longer...
 */
author	Christian Grothoff <christian@grothoff.org>	2018-12-12 01:45:57 +0100
committer	Christian Grothoff <christian@grothoff.org>	2018-12-12 01:45:57 +0100
commit	5d75a87ef6270e65c54f63b66f8d9c8052ef60e9 (patch)
tree	78bd8b7c87f875eb7174f9cd4e1440bcdcb7fcd2
parent	7ea8a3310e44d1ee3f455c3c1a1c630ca54057b3 (diff)
download	libmicrohttpd-5d75a87ef6270e65c54f63b66f8d9c8052ef60e9.tar.gz libmicrohttpd-5d75a87ef6270e65c54f63b66f8d9c8052ef60e9.zip

diff --git a/configure.ac b/configure.ac index a03205dc..44c7d294 100644 --- a/configure.ac +++ b/configure.ac
@@ -743,7 +743,7 @@ fd = epoll_create1(EPOLL_CLOEXEC);]])],
743	AC_DEFINE([[HAVE_EPOLL_CREATE1]], [[1]], [Define if you have epoll_create1 function.])]))	743	AC_DEFINE([[HAVE_EPOLL_CREATE1]], [[1]], [Define if you have epoll_create1 function.])]))
744		744
745	# Check for headers that are ALWAYS required	745	# Check for headers that are ALWAYS required
746	AC_CHECK_HEADERS([fcntl.h math.h errno.h limits.h stdio.h locale.h sys/stat.h sys/types.h], [], [AC_MSG_ERROR([Compiling libmicrohttpd requires standard UNIX headers files])], [AC_INCLUDES_DEFAULT])	746	AC_CHECK_HEADERS_ONCE([fcntl.h math.h errno.h limits.h stdio.h locale.h sys/stat.h sys/types.h], [], [AC_MSG_ERROR([Compiling libmicrohttpd requires standard UNIX headers files])], [AC_INCLUDES_DEFAULT])
747		747
748	# Check for optional headers	748	# Check for optional headers
749	AC_CHECK_HEADERS([sys/types.h sys/time.h sys/msg.h time.h sys/mman.h sys/ioctl.h \	749	AC_CHECK_HEADERS([sys/types.h sys/time.h sys/msg.h time.h sys/mman.h sys/ioctl.h \


diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c index 1eea4446..d4e23fef 100644 --- a/src/microhttpd/digestauth.c +++ b/src/microhttpd/digestauth.c
@@ -59,40 +59,31 @@
59	*/	59	*/
60	#define MAX_DIGEST SHA256_DIGEST_SIZE	60	#define MAX_DIGEST SHA256_DIGEST_SIZE
61		61
62	#define MAX_NONCE NONCE_STD_LEN((MAX_DIGEST)+1)
63
64	/**	62	/**
65	* Macro to avoid using VLAs if the compiler does not support them.	63	* Macro to avoid using VLAs if the compiler does not support them.
66	*/	64	*/
67	#if __STDC_NO_VLA__	65	#if __STDC_NO_VLA__
68	/**	66	/**
69	* Check that @a n is below #MAX_DIGEST, then return #MAX_DIGEST.	67	* Return #MAX_DIGEST.
70	*	68	*
71	* @param n length of the digest to be used for a VLA	69	* @param n length of the digest to be used for a VLA
72	*/	70	*/
73	#define VLA_ARRAY_LEN_DIGEST(n) (((n) <= MAX_DIGEST?1:(mhd_panic(mhd_panic_cls, __FILE__, __LINE__, "VLA too big"),1)),MAX_DIGEST)	71	#define VLA_ARRAY_LEN_DIGEST(n) (MAX_DIGEST)
74		72
75	/**
76	* Check that @a n is below #MAX_NONCE, then return #MAX_NONCE.
77	*
78	* @param n length of the digest to be used for a VLA
79	*/
80	#define VLA_ARRAY_LEN_NONCE(n) (((n) <= MAX_NONCE?1:(mhd_panic(mhd_panic_cls, __FILE__, __LINE__, "VLA too big"),1)),MAX_NONCE)
81	#else	73	#else
82	/**	74	/**
83	* Check that @a n is below #MAX_DIGEST, then return @a n.	75	* Return @a n.
84	*	76	*
85	* @param n length of the digest to be used for a VLA	77	* @param n length of the digest to be used for a VLA
86	*/	78	*/
87	#define VLA_ARRAY_LEN_DIGEST(n) (((n) <= MAX_DIGEST?1:(mhd_panic(mhd_panic_cls, __FILE__, __LINE__, "VLA too big"),1)),n)	79	#define VLA_ARRAY_LEN_DIGEST(n) (n)
		80	#endif
88		81
89	/**	82	/**
90	* Check that @a n is below #MAX_NONCE, then return @a n.	83	* Check that @a n is below #MAX_NONCE
91	*
92	* @param n length of the digest to be used for a VLA
93	*/	84	*/
94	#define VLA_ARRAY_LEN_NONCE(n) (((n) <= MAX_NONCE?1:(mhd_panic(mhd_panic_cls, __FILE__, __LINE__, "VLA too big"),1)),n)	85	#define VLA_CHECK_LEN_DIGEST(n) do { if ((n) > MAX_DIGEST) mhd_panic(mhd_panic_cls, __FILE__, __LINE__, "VLA too big"); } while (0)
95	#endif	86
96		87
97	/**	88	/**
98	* Beginning string for any valid Digest authentication header.	89	* Beginning string for any valid Digest authentication header.
@@ -229,6 +220,7 @@ digest_calc_ha1_from_digest (const char *alg,
229	{	220	{
230	uint8_t dig[VLA_ARRAY_LEN_DIGEST(da->digest_size)];	221	uint8_t dig[VLA_ARRAY_LEN_DIGEST(da->digest_size)];
231		222
		223	VLA_CHECK_LEN_DIGEST(da->digest_size);
232	da->init (da->ctx);	224	da->init (da->ctx);
233	da->update (da->ctx,	225	da->update (da->ctx,
234	digest,	226	digest,
@@ -285,6 +277,7 @@ digest_calc_ha1_from_user (const char *alg,
285	{	277	{
286	unsigned char ha1[VLA_ARRAY_LEN_DIGEST(da->digest_size)];	278	unsigned char ha1[VLA_ARRAY_LEN_DIGEST(da->digest_size)];
287		279
		280	VLA_CHECK_LEN_DIGEST(da->digest_size);
288	da->init (da->ctx);	281	da->init (da->ctx);
289	da->update (da->ctx,	282	da->update (da->ctx,
290	(const unsigned char *) username,	283	(const unsigned char *) username,
@@ -342,6 +335,7 @@ digest_calc_response (const char *ha1,
342	unsigned char resphash[VLA_ARRAY_LEN_DIGEST(da->digest_size)];	335	unsigned char resphash[VLA_ARRAY_LEN_DIGEST(da->digest_size)];
343	(void)hentity; /* Unused. Silence compiler warning. */	336	(void)hentity; /* Unused. Silence compiler warning. */
344		337
		338	VLA_CHECK_LEN_DIGEST(da->digest_size);
345	da->init (da->ctx);	339	da->init (da->ctx);
346	da->update (da->ctx,	340	da->update (da->ctx,
347	(const unsigned char *) method,	341	(const unsigned char *) method,
@@ -683,6 +677,7 @@ calculate_nonce (uint32_t nonce_time,
683	unsigned char tmpnonce[VLA_ARRAY_LEN_DIGEST(da->digest_size)];	677	unsigned char tmpnonce[VLA_ARRAY_LEN_DIGEST(da->digest_size)];
684	char timestamphex[TIMESTAMP_BIN_SIZE * 2 + 1];	678	char timestamphex[TIMESTAMP_BIN_SIZE * 2 + 1];
685		679
		680	VLA_CHECK_LEN_DIGEST(da->digest_size);
686	da->init (da->ctx);	681	da->init (da->ctx);
687	timestamp[0] = (unsigned char)((nonce_time & 0xff000000) >> 0x18);	682	timestamp[0] = (unsigned char)((nonce_time & 0xff000000) >> 0x18);
688	timestamp[1] = (unsigned char)((nonce_time & 0x00ff0000) >> 0x10);	683	timestamp[1] = (unsigned char)((nonce_time & 0x00ff0000) >> 0x10);
@@ -868,6 +863,7 @@ digest_auth_check_all (struct MHD_Connection *connection,
868	size_t left; /* number of characters left in 'header' for 'uri' */	863	size_t left; /* number of characters left in 'header' for 'uri' */
869	uint64_t nci;	864	uint64_t nci;
870		865
		866	VLA_CHECK_LEN_DIGEST(da->digest_size);
871	header = MHD_lookup_connection_value (connection,	867	header = MHD_lookup_connection_value (connection,
872	MHD_HEADER_KIND,	868	MHD_HEADER_KIND,
873	MHD_HTTP_HEADER_AUTHORIZATION);	869	MHD_HTTP_HEADER_AUTHORIZATION);
@@ -1336,7 +1332,9 @@ MHD_queue_auth_fail_response2 (struct MHD_Connection *connection,
1336	SETUP_DA (algo, da);	1332	SETUP_DA (algo, da);
1337		1333
1338	{	1334	{
1339	char nonce[VLA_ARRAY_LEN_NONCE (NONCE_STD_LEN(da.digest_size) + 1)];	1335	char nonce[NONCE_STD_LEN(VLA_ARRAY_LEN_DIGEST (da.digest_size)) + 1];
		1336
		1337	VLA_CHECK_LEN_DIGEST(da.digest_size);
1340	/* Generating the server nonce */	1338	/* Generating the server nonce */
1341	calculate_nonce ((uint32_t) MHD_monotonic_sec_counter(),	1339	calculate_nonce ((uint32_t) MHD_monotonic_sec_counter(),
1342	connection->method,	1340	connection->method,


diff --git a/src/microhttpd/internal.h b/src/microhttpd/internal.h index 97db942f..0ce0b0c8 100644 --- a/src/microhttpd/internal.h +++ b/src/microhttpd/internal.h
@@ -209,8 +209,8 @@ enum MHD_ConnectionEventLoopInfo
209	#define MHD_TEST_ALLOW_SUSPEND_RESUME 8192	209	#define MHD_TEST_ALLOW_SUSPEND_RESUME 8192
210		210
211	/**	211	/**
212	* Maximum length of a nonce in digest authentication. 32(MD5 Hex) +	212	* Maximum length of a nonce in digest authentication. 64(SHA-256 Hex) +
213	* 8(Timestamp Hex) + 1(NULL); hence 41 should suffice, but Opera	213	* 8(Timestamp Hex) + 1(NULL); hence 73 should suffice, but Opera
214	* (already) takes more (see Mantis #1633), so we've increased the	214	* (already) takes more (see Mantis #1633), so we've increased the
215	* value to support something longer...	215	* value to support something longer...
216	*/	216	*/