-rw-r--r-- | src/include/microhttpd.h | 20 | ||||
-rw-r--r-- | src/microhttpd/daemon.c | 31 | ||||
-rw-r--r-- | src/microhttpd/internal.h | 5 |
3 files changed, 54 insertions, 2 deletions
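--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -96,7 +96,7 @@ extern "C"
 * they are parsed as decimal numbers.
 * Example: 0x01093001 = 1.9.30-1.
 */
-#define MHD_VERSION 0x00097528
+#define MHD_VERSION 0x00097529
 
 /* If generic headers don't work on your platform, include headers
 which define 'va_list', 'size_t', 'ssize_t', 'intptr_t', 'off_t',
@@ -1760,6 +1760,7 @@ enum MHD_OPTION
 * Note that the application must ensure that the buffer of the
 * second argument remains allocated and unmodified while the
 * daemon is running.
+* @sa #MHD_OPTION_DIGEST_AUTH_RANDOM_COPY
 */
 MHD_OPTION_DIGEST_AUTH_RANDOM = 17,
 
@@ -1927,7 +1928,22 @@ enum MHD_OPTION
 * This option should be followed by an `int` argument.
 * @note Available since #MHD_VERSION 0x00097207
 */
-MHD_OPTION_TLS_NO_ALPN = 34
+MHD_OPTION_TLS_NO_ALPN = 34,
+
+/**
+* Memory pointer for the random values to be used by the Digest
+* Auth module. This option should be followed by two arguments.
+* First an integer of type `size_t` which specifies the size
+* of the buffer pointed to by the second argument in bytes.
+* The recommended size is between 8 and 32. If size is four or less
+* then security could be lowered. Sizes more then 32 (or, probably
+* more than 16 - debatable) will not increase security.
+* An internal copy of the buffer will be made, the data do not
+* need to be static.
+* @sa #MHD_OPTION_DIGEST_AUTH_RANDOM
+* @note Available since #MHD_VERSION 0x00097529
+*/
+MHD_OPTION_DIGEST_AUTH_RANDOM_COPY = 35
 } _MHD_FIXED_ENUM;
 
 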
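Review bot: The doc comment added for MHD_OPTION_DIGEST_AUTH_RANDOM_COPY describes the first argument but never says what the second one is, although parse_options_va in daemon.c reads it as `const char *`. I would add a sentence such as `Second a pointer to the buffer with the random data (read as const char *); it must be valid for the stated size until MHD_start_daemon() returns.` The comment could also say that the bytes are expected to come from a strong random source and be kept secret, since it already ties their size to security. "Sizes more then 32" should read "more than 32".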
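--- a/src/microhttpd/daemon.c
+++ b/src/microhttpd/daemon.c
@@ -6236,10 +6236,16 @@ parse_options_va (struct MHD_Daemon *daemon,
 #endif /* HTTPS_SUPPORT */
 #ifdef DAUTH_SUPPORT
 case MHD_OPTION_DIGEST_AUTH_RANDOM:
+case MHD_OPTION_DIGEST_AUTH_RANDOM_COPY:
 daemon->digest_auth_rand_size = va_arg (ap,
 size_t);
 daemon->digest_auth_random = va_arg (ap,
 const char *);
+if (MHD_OPTION_DIGEST_AUTH_RANDOM_COPY == opt)
+/* Set to some non-NULL value just to indicate that copy is required. */
+daemon->digest_auth_random_copy = daemon;
+else
+daemon->digest_auth_random_copy = NULL;
 break;
 case MHD_OPTION_NONCE_NC_SIZE:
 daemon->nonce_nc_size = va_arg (ap,
@@ -6440,6 +6446,7 @@ parse_options_va (struct MHD_Daemon *daemon,
 break;
 /* options taking size_t-number followed by pointer */
 case MHD_OPTION_DIGEST_AUTH_RANDOM:
+case MHD_OPTION_DIGEST_AUTH_RANDOM_COPY:
 if (MHD_NO == parse_options (daemon,
 servaddr,
 opt,
@@ -6913,6 +6920,24 @@ MHD_start_daemon_va (unsigned int flags,
 }
 
 #ifdef DAUTH_SUPPORT
+if (NULL != daemon->digest_auth_random_copy)
+{
+mhd_assert (daemon == daemon->digest_auth_random_copy);
+daemon->digest_auth_random_copy = malloc (daemon->digest_auth_rand_size);
+if (NULL == daemon->digest_auth_random_copy)
+{
+#ifdef HTTPS_SUPPORT
+if (0 != (*pflags & MHD_USE_TLS))
+gnutls_priority_deinit (daemon->priority_cache);
+#endif /* HTTPS_SUPPORT */
+free (daemon);
+return NULL;
+}
+memcpy (daemon->digest_auth_random_copy,
+daemon->digest_auth_random,
+daemon->digest_auth_rand_size);
+daemon->digest_auth_random = daemon->digest_auth_random_copy;
+}
 if (daemon->nonce_nc_size > 0)
 {
 if ( ( (size_t) (daemon->nonce_nc_size * sizeof (struct MHD_NonceNc)))
@@ -6926,6 +6951,7 @@ MHD_start_daemon_va (unsigned int flags,
 if (0 != (*pflags & MHD_USE_TLS))
 gnutls_priority_deinit (daemon->priority_cache);
 #endif /* HTTPS_SUPPORT */
+free (daemon->digest_auth_random_copy);
 free (daemon);
 return NULL;
 }
@@ -6942,6 +6968,7 @@ MHD_start_daemon_va (unsigned int flags,
 if (0 != (*pflags & MHD_USE_TLS))
 gnutls_priority_deinit (daemon->priority_cache);
 #endif /* HTTPS_SUPPORT */
+free (daemon->digest_auth_random_copy);
 free (daemon);
 return NULL;
 }
@@ -6958,6 +6985,7 @@ MHD_start_daemon_va (unsigned int flags,
 if (0 != (*pflags & MHD_USE_TLS))
 gnutls_priority_deinit (daemon->priority_cache);
 #endif /* HTTPS_SUPPORT */
+free (daemon->digest_auth_random_copy);
 free (daemon->nnc);
 free (daemon);
 return NULL;
@@ -7586,6 +7614,7 @@ MHD_start_daemon_va (unsigned int flags,
 #ifdef DAUTH_SUPPORT
 d->nnc = NULL;
 d->nonce_nc_size = 0;
+d->digest_auth_random_copy = NULL;
 #if defined(MHD_USE_THREADS)
 memset (&d->nnc_lock, 1, sizeof(d->nnc_lock));
 #endif /* MHD_USE_THREADS */
@@ -7706,6 +7735,7 @@ free_and_fail:
 #endif /* HTTPS_SUPPORT && UPGRADE_SUPPORT */
 #endif /* EPOLL_SUPPORT */
 #ifdef DAUTH_SUPPORT
+free (daemon->digest_auth_random_copy);
 free (daemon->nnc);
 #if defined(MHD_USE_POSIX_THREADS) || defined(MHD_USE_W32_THREADS)
 MHD_mutex_destroy_chk_ (&daemon->nnc_lock);
@@ -8102,6 +8132,7 @@ MHD_stop_daemon (struct MHD_Daemon *daemon)
 #endif /* HTTPS_SUPPORT */
 
 #ifdef DAUTH_SUPPORT
+free (daemon->digest_auth_random_copy);
 free (daemon->nnc);
 #if defined(MHD_USE_POSIX_THREADS) || defined(MHD_USE_W32_THREADS)
 MHD_mutex_destroy_chk_ (&daemon->nnc_lock);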
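Review bot: The copy block added at new lines 6923-6940 of MHD_start_daemon_va hands the application-supplied size and pointer straight to `malloc()` and `memcpy()` without checking either. A size of 0 lets `malloc()` return NULL on some platforms, so the daemon would fail to start there, and a NULL buffer with a non-zero size is dereferenced by `memcpy()`. The field also keeps the `daemon` marker set in parse_options_va until the `malloc()` result overwrites it; the sketch below clears the marker first, fails startup for a NULL buffer and skips the copy for size 0, though which policy is right is for the maintainers. Separately, the copy holds the Digest Auth secret and is released with plain `free()` in MHD_stop_daemon, so clearing it before release would be a cheap hardening step. The function body continues outside these hunks.

```c
  if (NULL != daemon->digest_auth_random_copy)
  {
    mhd_assert (daemon == daemon->digest_auth_random_copy);
    /* Drop the marker first so no later free() can ever see the daemon pointer. */
    daemon->digest_auth_random_copy = NULL;
    if (0 != daemon->digest_auth_rand_size)
    {
      void *rnd_copy;

      rnd_copy = (NULL != daemon->digest_auth_random) ?
                 malloc (daemon->digest_auth_rand_size) : NULL;
      if (NULL == rnd_copy)
      {
        /* ... unchanged: gnutls_priority_deinit() under HTTPS_SUPPORT, free (daemon), return NULL ... */
      }
      memcpy (rnd_copy,
              daemon->digest_auth_random,
              daemon->digest_auth_rand_size);
      daemon->digest_auth_random_copy = rnd_copy;
      daemon->digest_auth_random = rnd_copy;
    }
  }
```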
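--- a/src/microhttpd/internal.h
+++ b/src/microhttpd/internal.h
@@ -2149,6 +2149,11 @@ struct MHD_Daemon
 const char *digest_auth_random;
 
 /**
+* The malloc'ed copy of the @a digest_auth_random.
+*/
+void *digest_auth_random_copy;
+
+/**
 * An array that contains the map nonce-nc.
 */
 struct MHD_NonceNc *nnc;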
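Review bot: The comment on `digest_auth_random_copy` documents only the final state of the field, while parse_options_va in daemon.c also stores the `daemon` pointer itself in it as a "copy requested" marker. Because the same commit calls `free()` on this field in several cleanup paths, a reader of the struct should be told that the value is not always a heap pointer. I would extend the comment along the lines of `NULL if no copy was requested; during option parsing it may temporarily equal the daemon pointer as a marker; otherwise a malloc'ed buffer owned by the daemon.`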