diff options
author | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2022-07-21 18:59:06 +0300 |
---|---|---|
committer | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2022-07-25 16:20:49 +0300 |
commit | 961635da2a9d7363528940f4fa7a0148e96e90d8 (patch) | |
tree | 854ef4256fddf208e23b5122022710c762c4d3e9 | |
parent | 7e5206cc032c965f228d77696392d430ef4b5aa9 (diff) | |
download | libmicrohttpd-961635da2a9d7363528940f4fa7a0148e96e90d8.tar.gz libmicrohttpd-961635da2a9d7363528940f4fa7a0148e96e90d8.zip |
digest_auth_check(): added check for too large realm value
-rw-r--r-- | src/microhttpd/digestauth.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c index a3399a65..793209f9 100644 --- a/src/microhttpd/digestauth.c +++ b/src/microhttpd/digestauth.c | |||
@@ -1973,6 +1973,9 @@ digest_auth_check_all_inner (struct MHD_Connection *connection, | |||
1973 | 1973 | ||
1974 | if (NULL == params->realm.value.str) | 1974 | if (NULL == params->realm.value.str) |
1975 | return MHD_DAUTH_WRONG_HEADER; | 1975 | return MHD_DAUTH_WRONG_HEADER; |
1976 | else if (((NULL == digest) || params->userhash) && | ||
1977 | (_MHD_AUTH_DIGEST_MAX_PARAM_SIZE < params->realm.value.len)) | ||
1978 | return MHD_DAUTH_TOO_LARGE; /* Realm is too large and it will be used in hash calculations */ | ||
1976 | 1979 | ||
1977 | if (NULL == params->nc.value.str) | 1980 | if (NULL == params->nc.value.str) |
1978 | return MHD_DAUTH_WRONG_HEADER; | 1981 | return MHD_DAUTH_WRONG_HEADER; |