digestauth: fixed logic of free nonce-nc slot detection

1 files changed, 6 insertions, 5 deletions

diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index 78fbd2d9..ecc29ff1 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -845,11 +845,8 @@ is_slot_available (const struct MHD_NonceNc *const nn,
   if (0 == nn->nonce[0])
     return true; /* The slot is empty */
 
-  if (0 != nn->nc)
-    return true; /* Client already used the nonce in this slot at least
-                    one time, re-use the slot */
-
-  if (0 == memcmp (nn->nonce, new_nonce, new_nonce_len + 1))
+  if ((0 == memcmp (nn->nonce, new_nonce, new_nonce_len)) &&
+      (0 == nn->nonce[new_nonce_len]))
   {
     /* The slot has the same nonce already, the same nonce was already generated
      * and used, this slot cannot be used with the same nonce as it would
@@ -857,6 +854,10 @@ is_slot_available (const struct MHD_NonceNc *const nn,
     return false;
   }
 
+  if (0 != nn->nc)
+    return true; /* Client already used the nonce in this slot at least
+                    one time, re-use the slot */
+
   timestamp_valid = get_nonce_timestamp (nn->nonce, 0, &timestamp);
   mhd_assert (timestamp_valid);
   if (! timestamp_valid)