diff options
author | Christian Grothoff <christian@grothoff.org> | 2018-12-12 01:45:57 +0100 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2018-12-12 01:45:57 +0100 |
commit | 5d75a87ef6270e65c54f63b66f8d9c8052ef60e9 (patch) | |
tree | 78bd8b7c87f875eb7174f9cd4e1440bcdcb7fcd2 | |
parent | 7ea8a3310e44d1ee3f455c3c1a1c630ca54057b3 (diff) | |
download | libmicrohttpd-5d75a87ef6270e65c54f63b66f8d9c8052ef60e9.tar.gz libmicrohttpd-5d75a87ef6270e65c54f63b66f8d9c8052ef60e9.zip |
brutally simplify VLA macro for stupid compilers
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | src/microhttpd/digestauth.c | 34 | ||||
-rw-r--r-- | src/microhttpd/internal.h | 4 |
3 files changed, 19 insertions, 21 deletions
diff --git a/configure.ac b/configure.ac index a03205dc..44c7d294 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -743,7 +743,7 @@ fd = epoll_create1(EPOLL_CLOEXEC);]])], | |||
743 | AC_DEFINE([[HAVE_EPOLL_CREATE1]], [[1]], [Define if you have epoll_create1 function.])])) | 743 | AC_DEFINE([[HAVE_EPOLL_CREATE1]], [[1]], [Define if you have epoll_create1 function.])])) |
744 | 744 | ||
745 | # Check for headers that are ALWAYS required | 745 | # Check for headers that are ALWAYS required |
746 | AC_CHECK_HEADERS([fcntl.h math.h errno.h limits.h stdio.h locale.h sys/stat.h sys/types.h], [], [AC_MSG_ERROR([Compiling libmicrohttpd requires standard UNIX headers files])], [AC_INCLUDES_DEFAULT]) | 746 | AC_CHECK_HEADERS_ONCE([fcntl.h math.h errno.h limits.h stdio.h locale.h sys/stat.h sys/types.h], [], [AC_MSG_ERROR([Compiling libmicrohttpd requires standard UNIX headers files])], [AC_INCLUDES_DEFAULT]) |
747 | 747 | ||
748 | # Check for optional headers | 748 | # Check for optional headers |
749 | AC_CHECK_HEADERS([sys/types.h sys/time.h sys/msg.h time.h sys/mman.h sys/ioctl.h \ | 749 | AC_CHECK_HEADERS([sys/types.h sys/time.h sys/msg.h time.h sys/mman.h sys/ioctl.h \ |
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c index 1eea4446..d4e23fef 100644 --- a/src/microhttpd/digestauth.c +++ b/src/microhttpd/digestauth.c | |||
@@ -59,40 +59,31 @@ | |||
59 | */ | 59 | */ |
60 | #define MAX_DIGEST SHA256_DIGEST_SIZE | 60 | #define MAX_DIGEST SHA256_DIGEST_SIZE |
61 | 61 | ||
62 | #define MAX_NONCE NONCE_STD_LEN((MAX_DIGEST)+1) | ||
63 | |||
64 | /** | 62 | /** |
65 | * Macro to avoid using VLAs if the compiler does not support them. | 63 | * Macro to avoid using VLAs if the compiler does not support them. |
66 | */ | 64 | */ |
67 | #if __STDC_NO_VLA__ | 65 | #if __STDC_NO_VLA__ |
68 | /** | 66 | /** |
69 | * Check that @a n is below #MAX_DIGEST, then return #MAX_DIGEST. | 67 | * Return #MAX_DIGEST. |
70 | * | 68 | * |
71 | * @param n length of the digest to be used for a VLA | 69 | * @param n length of the digest to be used for a VLA |
72 | */ | 70 | */ |
73 | #define VLA_ARRAY_LEN_DIGEST(n) (((n) <= MAX_DIGEST?1:(mhd_panic(mhd_panic_cls, __FILE__, __LINE__, "VLA too big"),1)),MAX_DIGEST) | 71 | #define VLA_ARRAY_LEN_DIGEST(n) (MAX_DIGEST) |
74 | 72 | ||
75 | /** | ||
76 | * Check that @a n is below #MAX_NONCE, then return #MAX_NONCE. | ||
77 | * | ||
78 | * @param n length of the digest to be used for a VLA | ||
79 | */ | ||
80 | #define VLA_ARRAY_LEN_NONCE(n) (((n) <= MAX_NONCE?1:(mhd_panic(mhd_panic_cls, __FILE__, __LINE__, "VLA too big"),1)),MAX_NONCE) | ||
81 | #else | 73 | #else |
82 | /** | 74 | /** |
83 | * Check that @a n is below #MAX_DIGEST, then return @a n. | 75 | * Return @a n. |
84 | * | 76 | * |
85 | * @param n length of the digest to be used for a VLA | 77 | * @param n length of the digest to be used for a VLA |
86 | */ | 78 | */ |
87 | #define VLA_ARRAY_LEN_DIGEST(n) (((n) <= MAX_DIGEST?1:(mhd_panic(mhd_panic_cls, __FILE__, __LINE__, "VLA too big"),1)),n) | 79 | #define VLA_ARRAY_LEN_DIGEST(n) (n) |
80 | #endif | ||
88 | 81 | ||
89 | /** | 82 | /** |
90 | * Check that @a n is below #MAX_NONCE, then return @a n. | 83 | * Check that @a n is below #MAX_NONCE |
91 | * | ||
92 | * @param n length of the digest to be used for a VLA | ||
93 | */ | 84 | */ |
94 | #define VLA_ARRAY_LEN_NONCE(n) (((n) <= MAX_NONCE?1:(mhd_panic(mhd_panic_cls, __FILE__, __LINE__, "VLA too big"),1)),n) | 85 | #define VLA_CHECK_LEN_DIGEST(n) do { if ((n) > MAX_DIGEST) mhd_panic(mhd_panic_cls, __FILE__, __LINE__, "VLA too big"); } while (0) |
95 | #endif | 86 | |
96 | 87 | ||
97 | /** | 88 | /** |
98 | * Beginning string for any valid Digest authentication header. | 89 | * Beginning string for any valid Digest authentication header. |
@@ -229,6 +220,7 @@ digest_calc_ha1_from_digest (const char *alg, | |||
229 | { | 220 | { |
230 | uint8_t dig[VLA_ARRAY_LEN_DIGEST(da->digest_size)]; | 221 | uint8_t dig[VLA_ARRAY_LEN_DIGEST(da->digest_size)]; |
231 | 222 | ||
223 | VLA_CHECK_LEN_DIGEST(da->digest_size); | ||
232 | da->init (da->ctx); | 224 | da->init (da->ctx); |
233 | da->update (da->ctx, | 225 | da->update (da->ctx, |
234 | digest, | 226 | digest, |
@@ -285,6 +277,7 @@ digest_calc_ha1_from_user (const char *alg, | |||
285 | { | 277 | { |
286 | unsigned char ha1[VLA_ARRAY_LEN_DIGEST(da->digest_size)]; | 278 | unsigned char ha1[VLA_ARRAY_LEN_DIGEST(da->digest_size)]; |
287 | 279 | ||
280 | VLA_CHECK_LEN_DIGEST(da->digest_size); | ||
288 | da->init (da->ctx); | 281 | da->init (da->ctx); |
289 | da->update (da->ctx, | 282 | da->update (da->ctx, |
290 | (const unsigned char *) username, | 283 | (const unsigned char *) username, |
@@ -342,6 +335,7 @@ digest_calc_response (const char *ha1, | |||
342 | unsigned char resphash[VLA_ARRAY_LEN_DIGEST(da->digest_size)]; | 335 | unsigned char resphash[VLA_ARRAY_LEN_DIGEST(da->digest_size)]; |
343 | (void)hentity; /* Unused. Silence compiler warning. */ | 336 | (void)hentity; /* Unused. Silence compiler warning. */ |
344 | 337 | ||
338 | VLA_CHECK_LEN_DIGEST(da->digest_size); | ||
345 | da->init (da->ctx); | 339 | da->init (da->ctx); |
346 | da->update (da->ctx, | 340 | da->update (da->ctx, |
347 | (const unsigned char *) method, | 341 | (const unsigned char *) method, |
@@ -683,6 +677,7 @@ calculate_nonce (uint32_t nonce_time, | |||
683 | unsigned char tmpnonce[VLA_ARRAY_LEN_DIGEST(da->digest_size)]; | 677 | unsigned char tmpnonce[VLA_ARRAY_LEN_DIGEST(da->digest_size)]; |
684 | char timestamphex[TIMESTAMP_BIN_SIZE * 2 + 1]; | 678 | char timestamphex[TIMESTAMP_BIN_SIZE * 2 + 1]; |
685 | 679 | ||
680 | VLA_CHECK_LEN_DIGEST(da->digest_size); | ||
686 | da->init (da->ctx); | 681 | da->init (da->ctx); |
687 | timestamp[0] = (unsigned char)((nonce_time & 0xff000000) >> 0x18); | 682 | timestamp[0] = (unsigned char)((nonce_time & 0xff000000) >> 0x18); |
688 | timestamp[1] = (unsigned char)((nonce_time & 0x00ff0000) >> 0x10); | 683 | timestamp[1] = (unsigned char)((nonce_time & 0x00ff0000) >> 0x10); |
@@ -868,6 +863,7 @@ digest_auth_check_all (struct MHD_Connection *connection, | |||
868 | size_t left; /* number of characters left in 'header' for 'uri' */ | 863 | size_t left; /* number of characters left in 'header' for 'uri' */ |
869 | uint64_t nci; | 864 | uint64_t nci; |
870 | 865 | ||
866 | VLA_CHECK_LEN_DIGEST(da->digest_size); | ||
871 | header = MHD_lookup_connection_value (connection, | 867 | header = MHD_lookup_connection_value (connection, |
872 | MHD_HEADER_KIND, | 868 | MHD_HEADER_KIND, |
873 | MHD_HTTP_HEADER_AUTHORIZATION); | 869 | MHD_HTTP_HEADER_AUTHORIZATION); |
@@ -1336,7 +1332,9 @@ MHD_queue_auth_fail_response2 (struct MHD_Connection *connection, | |||
1336 | SETUP_DA (algo, da); | 1332 | SETUP_DA (algo, da); |
1337 | 1333 | ||
1338 | { | 1334 | { |
1339 | char nonce[VLA_ARRAY_LEN_NONCE (NONCE_STD_LEN(da.digest_size) + 1)]; | 1335 | char nonce[NONCE_STD_LEN(VLA_ARRAY_LEN_DIGEST (da.digest_size)) + 1]; |
1336 | |||
1337 | VLA_CHECK_LEN_DIGEST(da.digest_size); | ||
1340 | /* Generating the server nonce */ | 1338 | /* Generating the server nonce */ |
1341 | calculate_nonce ((uint32_t) MHD_monotonic_sec_counter(), | 1339 | calculate_nonce ((uint32_t) MHD_monotonic_sec_counter(), |
1342 | connection->method, | 1340 | connection->method, |
diff --git a/src/microhttpd/internal.h b/src/microhttpd/internal.h index 97db942f..0ce0b0c8 100644 --- a/src/microhttpd/internal.h +++ b/src/microhttpd/internal.h | |||
@@ -209,8 +209,8 @@ enum MHD_ConnectionEventLoopInfo | |||
209 | #define MHD_TEST_ALLOW_SUSPEND_RESUME 8192 | 209 | #define MHD_TEST_ALLOW_SUSPEND_RESUME 8192 |
210 | 210 | ||
211 | /** | 211 | /** |
212 | * Maximum length of a nonce in digest authentication. 32(MD5 Hex) + | 212 | * Maximum length of a nonce in digest authentication. 64(SHA-256 Hex) + |
213 | * 8(Timestamp Hex) + 1(NULL); hence 41 should suffice, but Opera | 213 | * 8(Timestamp Hex) + 1(NULL); hence 73 should suffice, but Opera |
214 | * (already) takes more (see Mantis #1633), so we've increased the | 214 | * (already) takes more (see Mantis #1633), so we've increased the |
215 | * value to support something longer... | 215 | * value to support something longer... |
216 | */ | 216 | */ |