diff options
author | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2022-05-06 11:37:23 +0300 |
---|---|---|
committer | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2022-05-06 11:37:23 +0300 |
commit | 05a79fdb36600236bb52b9a7830e627fa3c5e9ca (patch) | |
tree | e36f0b6628f6c4bd38ebf6d376c2381fbfb3d4d3 /src/microhttpd/digestauth.c | |
parent | 9f226932dca5215dfbabc6ac243e37b349371daf (diff) | |
download | libmicrohttpd-05a79fdb36600236bb52b9a7830e627fa3c5e9ca.tar.gz libmicrohttpd-05a79fdb36600236bb52b9a7830e627fa3c5e9ca.zip |
digestauth: fixed logic of free nonce-nc slot detection
Diffstat (limited to 'src/microhttpd/digestauth.c')
-rw-r--r-- | src/microhttpd/digestauth.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c index 78fbd2d9..ecc29ff1 100644 --- a/src/microhttpd/digestauth.c +++ b/src/microhttpd/digestauth.c | |||
@@ -845,11 +845,8 @@ is_slot_available (const struct MHD_NonceNc *const nn, | |||
845 | if (0 == nn->nonce[0]) | 845 | if (0 == nn->nonce[0]) |
846 | return true; /* The slot is empty */ | 846 | return true; /* The slot is empty */ |
847 | 847 | ||
848 | if (0 != nn->nc) | 848 | if ((0 == memcmp (nn->nonce, new_nonce, new_nonce_len)) && |
849 | return true; /* Client already used the nonce in this slot at least | 849 | (0 == nn->nonce[new_nonce_len])) |
850 | one time, re-use the slot */ | ||
851 | |||
852 | if (0 == memcmp (nn->nonce, new_nonce, new_nonce_len + 1)) | ||
853 | { | 850 | { |
854 | /* The slot has the same nonce already, the same nonce was already generated | 851 | /* The slot has the same nonce already, the same nonce was already generated |
855 | * and used, this slot cannot be used with the same nonce as it would | 852 | * and used, this slot cannot be used with the same nonce as it would |
@@ -857,6 +854,10 @@ is_slot_available (const struct MHD_NonceNc *const nn, | |||
857 | return false; | 854 | return false; |
858 | } | 855 | } |
859 | 856 | ||
857 | if (0 != nn->nc) | ||
858 | return true; /* Client already used the nonce in this slot at least | ||
859 | one time, re-use the slot */ | ||
860 | |||
860 | timestamp_valid = get_nonce_timestamp (nn->nonce, 0, ×tamp); | 861 | timestamp_valid = get_nonce_timestamp (nn->nonce, 0, ×tamp); |
861 | mhd_assert (timestamp_valid); | 862 | mhd_assert (timestamp_valid); |
862 | if (! timestamp_valid) | 863 | if (! timestamp_valid) |