diff options
author | Christian Grothoff <christian@grothoff.org> | 2011-01-18 23:00:02 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2011-01-18 23:00:02 +0000 |
commit | 5a6952fe90fdfbb311d81fb4ac96027bec867d8e (patch) | |
tree | 3f41cbb70f862cfd205b5958bc4e031706353216 /AUTHORS | |
parent | 3d970622b770a16dde6b1e552d51c48ecdb5d7f1 (diff) | |
download | libmicrohttpd-5a6952fe90fdfbb311d81fb4ac96027bec867d8e.tar.gz libmicrohttpd-5a6952fe90fdfbb311d81fb4ac96027bec867d8e.zip |
[libmicrohttpd] [digest-auth]: bug in hash algorithm
From:
Andreas Wehrmann <a.wehrmann@centersystems.com>
To:
libmicrohttpd@gnu.org
Date:
Today 08:58:43 am
Spam Status: Spamassassin 0% probability of being spam.
Full report:
Probability=No, score=-3.2 required=7.0 tests=AWL,BAYES_00 autolearn=ham version=3.2.5-tuminfo_1
Hello!
I wrote a little testpage that I deliver using libmicrohttpd using
digest authentication.
The testpage consists of four files (framed page + image file).
When I initially connected to the webserver via the browser it correctly
challenged me
for my credentials. However, after entering the username and password
the index file
got loaded but it happened that the browser then challenged me again for
each
additional file to be loaded.
Since this is very annoying I tried increasing the nonce table size to 3000
(was default) but it was no good.
I then dug a little deeper and found out, that the hash algorithm to
determine the index
for a given nonce always returned zero thus overwriting other nonces.
The offending line is at check_nonce_nc() in digestauth.c:313:
off = (off << 8) | (*np & (off >> 24));
whereas is should be:
off = (off << 8) | (*np ^ (off >> 24));
Since "off" is initialized with zero and an unsigned integer
a logical AND returns zero which is not right obviously.
After this fix, the server challenged me only once and I got "random"
indices.
I found the problem in libmicrohttpd 0.9.5.
Best regards,
Andreas Wehrmann
--
Dipl.-Ing. (FH) Andreas Wehrmann
Software Development
--------------------------------------------------------------
Center Communication Systems GmbH
A-1210 Wien, Ignaz-Köck-Straße 19
Sitz in Wien
FN 796 88p, Firmenbuchgericht Wien
www.centersystems.com
Tel.: +43 (0) 190 199 - 3616
Mobile: +43 (0) 664 884 75916
Fax: +43 (0) 190 199 - 2110
E-Mail: a.wehrmann@centersystems.com
Diffstat (limited to 'AUTHORS')
-rw-r--r-- | AUTHORS | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -28,6 +28,7 @@ Geoffrey McRae <geoff@spacevs.com> | |||
28 | Piotr Grzybowski <narsil.pl@gmail.com> | 28 | Piotr Grzybowski <narsil.pl@gmail.com> |
29 | Gerrit Telkamp <g.telkamp@domologic.de> | 29 | Gerrit Telkamp <g.telkamp@domologic.de> |
30 | Erik Slagter <erik@slagter.name> | 30 | Erik Slagter <erik@slagter.name> |
31 | Andreas Wehrmann <a.wehrmann@centersystems.com> | ||
31 | 32 | ||
32 | Documentation contributions also came from: | 33 | Documentation contributions also came from: |
33 | Marco Maggi <marco.maggi-ipsu@poste.it> | 34 | Marco Maggi <marco.maggi-ipsu@poste.it> |