gen_auth: do not allow the equal sign alone for digest auth

author: Evgeny Grin (Karlson2k) <k2k@narod.ru> 2022-06-05 12:24:34 +0300
committer: Evgeny Grin (Karlson2k) <k2k@narod.ru> 2022-06-05 12:48:31 +0300
commit: 8a2da6d6a3b7ab04b3bd0506d0f245997bb49b52 (patch)
tree: b727fb0c38fe5883d0ed7bd22cfa5a561fed0f63
parent: 3fcec14c8d2a25db33b6f7e42cf7430f07250b10 (diff)
download: libmicrohttpd-8a2da6d6a3b7ab04b3bd0506d0f245997bb49b52.tar.gz
libmicrohttpd-8a2da6d6a3b7ab04b3bd0506d0f245997bb49b52.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/src/microhttpd/gen_auth.c b/src/microhttpd/gen_auth.c
index 04894d9a..2cab478b 100644
--- a/src/microhttpd/gen_auth.c
+++ b/src/microhttpd/gen_auth.c
@@ -175,6 +175,8 @@ parse_dauth_params (const char *str,
    mhd_assert ('\t' != str[i]);
    left = str_len - i;
+    if ('=' == str[i])
+      return false; /* The equal sign is not allowed as the first character */
    for (p = 0; p < sizeof(map) / sizeof(map[0]); p++)
    {
      struct dauth_token_param *const aparam = map + p;
author	Evgeny Grin (Karlson2k) <k2k@narod.ru>	2022-06-05 12:24:34 +0300
committer	Evgeny Grin (Karlson2k) <k2k@narod.ru>	2022-06-05 12:48:31 +0300
commit	8a2da6d6a3b7ab04b3bd0506d0f245997bb49b52 (patch)
tree	b727fb0c38fe5883d0ed7bd22cfa5a561fed0f63
parent	3fcec14c8d2a25db33b6f7e42cf7430f07250b10 (diff)
download	libmicrohttpd-8a2da6d6a3b7ab04b3bd0506d0f245997bb49b52.tar.gz libmicrohttpd-8a2da6d6a3b7ab04b3bd0506d0f245997bb49b52.zip

diff --git a/src/microhttpd/gen_auth.c b/src/microhttpd/gen_auth.c index 04894d9a..2cab478b 100644 --- a/src/microhttpd/gen_auth.c +++ b/src/microhttpd/gen_auth.c
@@ -175,6 +175,8 @@ parse_dauth_params (const char *str,
175	mhd_assert ('\t' != str[i]);	175	mhd_assert ('\t' != str[i]);
176		176
177	left = str_len - i;	177	left = str_len - i;
		178	if ('=' == str[i])
		179	return false; /* The equal sign is not allowed as the first character */
178	for (p = 0; p < sizeof(map) / sizeof(map[0]); p++)	180	for (p = 0; p < sizeof(map) / sizeof(map[0]); p++)
179	{	181	{
180	struct dauth_token_param *const aparam = map + p;	182	struct dauth_token_param *const aparam = map + p;