Diffstat (limited to 'src/daemon/digestauth.c')
-rw-r--r-- | src/daemon/digestauth.c | 7 |
1 files changed, 6 insertions, 1 deletions
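--- a/src/daemon/digestauth.c
+++ b/src/daemon/digestauth.c
@@ -25,6 +25,7 @@
  */
 
 #include "platform.h"
+#include <limits.h>
 #include "internal.h"
 #include "md5.h"
 #include "base64.h"
@@ -447,6 +448,7 @@ MHD_digest_auth_check(struct MHD_Connection *connection,
 {
   size_t len;
   const char *header;
+  char *end;
   char nonce[MAX_NONCE_LENGTH];
   char cnonce[MAX_NONCE_LENGTH];
   char qop[15]; /* auth,auth-int */
@@ -544,9 +546,12 @@ MHD_digest_auth_check(struct MHD_Connection *connection,
        ( (0 != strcmp (qop, "auth")) &&
          (0 != strcmp (qop, "")) ) ||
        (0 == lookup_sub_value(nc, sizeof (nc), header, "nc")) ||
-       (1 != sscanf (nc, "%u", &nci)) ||
        (0 == lookup_sub_value(response, sizeof (response), header, "response")) )
     return MHD_NO;
+  nci = strtoul (nc, &end, 10);
+  if ( ('\0' != *end) ||
+       ( (LONG_MAX == nci) && (errno == ERANGE) ) )
+    return MHD_NO; /* invalid nonce */
 
   /*
    * Checking if that combination of nonce and nc is sound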
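Review bot: The overflow test on new line 553 compares `nci` with `LONG_MAX`, but strtoul() signals overflow by returning `ULONG_MAX`, and `nci` — which the removed `sscanf (nc, "%u", &nci)` suggests is an `unsigned int` — receives the truncated value, so on a 64-bit build the `ERANGE` branch can never be taken and an oversized `nc` is silently accepted after wrapping. `errno` is also never cleared before the call, so a stale `ERANGE` left by an earlier library call can reject a valid header, and an empty `nc` (`end == nc` with `*end == '\0'`) passes the check as `nci == 0`. I would add `errno = 0;` immediately before the strtoul and change the condition to `if ( (end == nc) || ('\0' != *end) || (ERANGE == errno) )`, parsing into an `unsigned long` and rejecting values above `UINT_MAX` before assigning `nci` if it really is an `unsigned int`. `<errno.h>` does not appear in the include hunk; confirm platform.h pulls it in, since `errno`/`ERANGE` are new uses here. MHD_digest_auth_check begins and ends outside this hunk.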