diff options
author | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2022-06-05 12:24:34 +0300 |
---|---|---|
committer | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2022-06-05 12:48:31 +0300 |
commit | 8a2da6d6a3b7ab04b3bd0506d0f245997bb49b52 (patch) | |
tree | b727fb0c38fe5883d0ed7bd22cfa5a561fed0f63 | |
parent | 3fcec14c8d2a25db33b6f7e42cf7430f07250b10 (diff) | |
download | libmicrohttpd-8a2da6d6a3b7ab04b3bd0506d0f245997bb49b52.tar.gz libmicrohttpd-8a2da6d6a3b7ab04b3bd0506d0f245997bb49b52.zip |
gen_auth: do not allow the equal sign alone for digest auth
-rw-r--r-- | src/microhttpd/gen_auth.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/microhttpd/gen_auth.c b/src/microhttpd/gen_auth.c index 04894d9a..2cab478b 100644 --- a/src/microhttpd/gen_auth.c +++ b/src/microhttpd/gen_auth.c | |||
@@ -175,6 +175,8 @@ parse_dauth_params (const char *str, | |||
175 | mhd_assert ('\t' != str[i]); | 175 | mhd_assert ('\t' != str[i]); |
176 | 176 | ||
177 | left = str_len - i; | 177 | left = str_len - i; |
178 | if ('=' == str[i]) | ||
179 | return false; /* The equal sign is not allowed as the first character */ | ||
178 | for (p = 0; p < sizeof(map) / sizeof(map[0]); p++) | 180 | for (p = 0; p < sizeof(map) / sizeof(map[0]); p++) |
179 | { | 181 | { |
180 | struct dauth_token_param *const aparam = map + p; | 182 | struct dauth_token_param *const aparam = map + p; |