aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEvgeny Grin (Karlson2k) <k2k@narod.ru>2022-07-21 18:59:06 +0300
committerEvgeny Grin (Karlson2k) <k2k@narod.ru>2022-07-25 16:20:49 +0300
commit961635da2a9d7363528940f4fa7a0148e96e90d8 (patch)
tree854ef4256fddf208e23b5122022710c762c4d3e9
parent7e5206cc032c965f228d77696392d430ef4b5aa9 (diff)
downloadlibmicrohttpd-961635da2a9d7363528940f4fa7a0148e96e90d8.tar.gz
libmicrohttpd-961635da2a9d7363528940f4fa7a0148e96e90d8.zip
digest_auth_check(): added check for too large realm value
-rw-r--r--src/microhttpd/digestauth.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index a3399a65..793209f9 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -1973,6 +1973,9 @@ digest_auth_check_all_inner (struct MHD_Connection *connection,
1973 1973
1974 if (NULL == params->realm.value.str) 1974 if (NULL == params->realm.value.str)
1975 return MHD_DAUTH_WRONG_HEADER; 1975 return MHD_DAUTH_WRONG_HEADER;
1976 else if (((NULL == digest) || params->userhash) &&
1977 (_MHD_AUTH_DIGEST_MAX_PARAM_SIZE < params->realm.value.len))
1978 return MHD_DAUTH_TOO_LARGE; /* Realm is too large and it will be used in hash calculations */
1976 1979
1977 if (NULL == params->nc.value.str) 1980 if (NULL == params->nc.value.str)
1978 return MHD_DAUTH_WRONG_HEADER; 1981 return MHD_DAUTH_WRONG_HEADER;