Fixed wrong usage of maximum client nonce size as maximum size of server nonce

This also saves some RAM for nonce-nc map array
author: Evgeny Grin (Karlson2k) <k2k@narod.ru> 2022-06-07 20:23:18 +0300
committer: Evgeny Grin (Karlson2k) <k2k@narod.ru> 2022-06-07 20:23:18 +0300
commit: abe138ee3aaadea496fbdddd23d79fbe40113171 (patch)
tree: a9a416f24726560435e4f66fc0caa44222e02d7a
parent: 2d551c422da896190f2278eff11955dfb439f658 (diff)
download: libmicrohttpd-abe138ee3aaadea496fbdddd23d79fbe40113171.tar.gz
libmicrohttpd-abe138ee3aaadea496fbdddd23d79fbe40113171.zip
2 files changed, 14 insertions, 6 deletions
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index c3717d47..890fc129 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -751,7 +751,7 @@ check_nonce_nc (struct MHD_Connection *connection,
  mhd_assert (0 != noncelen);
  mhd_assert (strlen (nonce) == noncelen);
  mhd_assert (0 != nc);
-  if (MAX_NONCE_LENGTH < noncelen)
+  if (MAX_DIGEST_NONCE_LENGTH < noncelen)
    return MHD_CHECK_NONCENC_WRONG; /* This should be impossible, but static analysis
                      tools have a hard time with it *and* this also
                      protects against unsafe modifications that may
@@ -1010,7 +1010,7 @@ is_slot_available (const struct MHD_NonceNc *const nn,
  uint64_t timestamp;
  bool timestamp_valid;
  mhd_assert (new_nonce_len <= NONCE_STD_LEN (MAX_DIGEST));
-  mhd_assert (NONCE_STD_LEN (MAX_DIGEST) < MAX_NONCE_LENGTH);
+  mhd_assert (NONCE_STD_LEN (MAX_DIGEST) <= MAX_DIGEST_NONCE_LENGTH);
  if (0 == nn->nonce[0])
    return true; /* The slot is empty */
@@ -1071,7 +1071,7 @@ calculate_add_nonce (struct MHD_Connection *const connection,
  const size_t nonce_size = NONCE_STD_LEN (digest_get_size (da));
  bool ret;
-  mhd_assert (MAX_NONCE_LENGTH >= nonce_size);
+  mhd_assert (MAX_DIGEST_NONCE_LENGTH >= nonce_size);
  mhd_assert (0 != nonce_size);
  calculate_nonce (timestamp,
@@ -1427,7 +1427,7 @@ digest_auth_check_all (struct MHD_Connection *connection,
                       unsigned int nonce_timeout)
 {
  struct MHD_Daemon *daemon = MHD_get_master (connection->daemon);
-  char cnonce[MAX_NONCE_LENGTH];
+  char cnonce[MAX_CLIENT_NONCE_LENGTH];
  const unsigned int digest_size = digest_get_size (da);
  char ha1[VLA_ARRAY_LEN_DIGEST (digest_size) * 2 + 1];
  char qop[15]; /* auth,auth-int */
diff --git a/src/microhttpd/internal.h b/src/microhttpd/internal.h
index 4f03b8fc..92fa932b 100644
--- a/src/microhttpd/internal.h
+++ b/src/microhttpd/internal.h
@@ -240,8 +240,16 @@ enum MHD_ConnectionEventLoopInfo
 * (already) takes more (see Mantis #1633), so we've increased the
 * value to support something longer...
 */
-#define MAX_NONCE_LENGTH 129
+#define MAX_CLIENT_NONCE_LENGTH 129
+/**
+ * The maximum size of MHD-generated nonce when printed with hexadecimal chars.
+ *
+ * This is equal to "(32 bytes for SHA-256 nonce plus 6 bytes for timestamp)
+ * multiplied by two hex chars per byte".
+ * Please keep it in sync with digestauth.c
+ */
+#define MAX_DIGEST_NONCE_LENGTH ((32 + 6) * 2)
 /**
 * A structure representing the internal holder of the
@@ -269,7 +277,7 @@ struct MHD_NonceNc
  /**
   * Nonce value:
   */
-  char nonce[MAX_NONCE_LENGTH + 1];
+  char nonce[MAX_DIGEST_NONCE_LENGTH + 1];
 };
author	Evgeny Grin (Karlson2k) <k2k@narod.ru>	2022-06-07 20:23:18 +0300
committer	Evgeny Grin (Karlson2k) <k2k@narod.ru>	2022-06-07 20:23:18 +0300
commit	abe138ee3aaadea496fbdddd23d79fbe40113171 (patch)
tree	a9a416f24726560435e4f66fc0caa44222e02d7a
parent	2d551c422da896190f2278eff11955dfb439f658 (diff)
download	libmicrohttpd-abe138ee3aaadea496fbdddd23d79fbe40113171.tar.gz libmicrohttpd-abe138ee3aaadea496fbdddd23d79fbe40113171.zip