diff options
Diffstat (limited to 'src/microhttpd/digestauth.c')
-rw-r--r-- | src/microhttpd/digestauth.c | 40 |
1 files changed, 33 insertions, 7 deletions
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c index 424c3761..af146c31 100644 --- a/src/microhttpd/digestauth.c +++ b/src/microhttpd/digestauth.c | |||
@@ -52,6 +52,32 @@ | |||
52 | #define NONCE_STD_LEN(digest_size) \ | 52 | #define NONCE_STD_LEN(digest_size) \ |
53 | ((digest_size) * 2 + TIMESTAMP_BIN_SIZE * 2) | 53 | ((digest_size) * 2 + TIMESTAMP_BIN_SIZE * 2) |
54 | 54 | ||
55 | |||
56 | /** | ||
57 | * Maximum size of any digest hash supported by MHD. | ||
58 | * (SHA-256 > MD5). | ||
59 | */ | ||
60 | #define MAX_DIGEST SHA256_DIGEST_SIZE | ||
61 | |||
62 | /** | ||
63 | * Macro to avoid using VLAs if the compiler does not support them. | ||
64 | */ | ||
65 | #if __STDC_NO_VLA__ | ||
66 | /** | ||
67 | * Check that @a n is below #MAX_DIGEST, then return #MAX_DIGEST. | ||
68 | * | ||
69 | * @param n length of the digest to be used for a VLA | ||
70 | */ | ||
71 | #define VLA_ARRAY_LEN_DIGEST(n) (((n) <= MAX_DIGEST?1:(mhd_panic(mhd_panic_cls, __FILE__, __LINE__, "VLA too big"),1)),MAX_DIGEST) | ||
72 | #else | ||
73 | /** | ||
74 | * Check that @a n is below #MAX_DIGEST, then return @a n. | ||
75 | * | ||
76 | * @param n length of the digest to be used for a VLA | ||
77 | */ | ||
78 | #define VLA_ARRAY_LEN_DIGEST(n) (((n) <= MAX_DIGEST?1:(mhd_panic(mhd_panic_cls, __FILE__, __LINE__, "VLA too big"),1)),n) | ||
79 | #endif | ||
80 | |||
55 | /** | 81 | /** |
56 | * Beginning string for any valid Digest authentication header. | 82 | * Beginning string for any valid Digest authentication header. |
57 | */ | 83 | */ |
@@ -185,7 +211,7 @@ digest_calc_ha1_from_digest (const char *alg, | |||
185 | (MHD_str_equal_caseless_(alg, | 211 | (MHD_str_equal_caseless_(alg, |
186 | "sha-256-sess")) ) | 212 | "sha-256-sess")) ) |
187 | { | 213 | { |
188 | uint8_t dig[da->digest_size]; | 214 | uint8_t dig[VLA_ARRAY_LEN_DIGEST(da->digest_size)]; |
189 | 215 | ||
190 | da->init (da->ctx); | 216 | da->init (da->ctx); |
191 | da->update (da->ctx, | 217 | da->update (da->ctx, |
@@ -241,7 +267,7 @@ digest_calc_ha1_from_user (const char *alg, | |||
241 | const char *cnonce, | 267 | const char *cnonce, |
242 | struct DigestAlgorithm *da) | 268 | struct DigestAlgorithm *da) |
243 | { | 269 | { |
244 | unsigned char ha1[da->digest_size]; | 270 | unsigned char ha1[VLA_ARRAY_LEN_DIGEST(da->digest_size)]; |
245 | 271 | ||
246 | da->init (da->ctx); | 272 | da->init (da->ctx); |
247 | da->update (da->ctx, | 273 | da->update (da->ctx, |
@@ -296,8 +322,8 @@ digest_calc_response (const char *ha1, | |||
296 | const char *hentity, | 322 | const char *hentity, |
297 | struct DigestAlgorithm *da) | 323 | struct DigestAlgorithm *da) |
298 | { | 324 | { |
299 | unsigned char ha2[da->digest_size]; | 325 | unsigned char ha2[VLA_ARRAY_LEN_DIGEST(da->digest_size)]; |
300 | unsigned char resphash[da->digest_size]; | 326 | unsigned char resphash[VLA_ARRAY_LEN_DIGEST(da->digest_size)]; |
301 | (void)hentity; /* Unused. Silence compiler warning. */ | 327 | (void)hentity; /* Unused. Silence compiler warning. */ |
302 | 328 | ||
303 | da->init (da->ctx); | 329 | da->init (da->ctx); |
@@ -638,7 +664,7 @@ calculate_nonce (uint32_t nonce_time, | |||
638 | char *nonce) | 664 | char *nonce) |
639 | { | 665 | { |
640 | unsigned char timestamp[TIMESTAMP_BIN_SIZE]; | 666 | unsigned char timestamp[TIMESTAMP_BIN_SIZE]; |
641 | unsigned char tmpnonce[da->digest_size]; | 667 | unsigned char tmpnonce[VLA_ARRAY_LEN_DIGEST(da->digest_size)]; |
642 | char timestamphex[TIMESTAMP_BIN_SIZE * 2 + 1]; | 668 | char timestamphex[TIMESTAMP_BIN_SIZE * 2 + 1]; |
643 | 669 | ||
644 | da->init (da->ctx); | 670 | da->init (da->ctx); |
@@ -815,12 +841,12 @@ digest_auth_check_all (struct MHD_Connection *connection, | |||
815 | const char *header; | 841 | const char *header; |
816 | char nonce[MAX_NONCE_LENGTH]; | 842 | char nonce[MAX_NONCE_LENGTH]; |
817 | char cnonce[MAX_NONCE_LENGTH]; | 843 | char cnonce[MAX_NONCE_LENGTH]; |
818 | char ha1[da->digest_size * 2 + 1]; | 844 | char ha1[VLA_ARRAY_LEN_DIGEST(da->digest_size) * 2 + 1]; |
819 | char qop[15]; /* auth,auth-int */ | 845 | char qop[15]; /* auth,auth-int */ |
820 | char nc[20]; | 846 | char nc[20]; |
821 | char response[MAX_AUTH_RESPONSE_LENGTH]; | 847 | char response[MAX_AUTH_RESPONSE_LENGTH]; |
822 | const char *hentity = NULL; /* "auth-int" is not supported */ | 848 | const char *hentity = NULL; /* "auth-int" is not supported */ |
823 | char noncehashexp[NONCE_STD_LEN(da->digest_size) + 1]; | 849 | char noncehashexp[NONCE_STD_LEN(VLA_ARRAY_LEN_DIGEST(da->digest_size)) + 1]; |
824 | uint32_t nonce_time; | 850 | uint32_t nonce_time; |
825 | uint32_t t; | 851 | uint32_t t; |
826 | size_t left; /* number of characters left in 'header' for 'uri' */ | 852 | size_t left; /* number of characters left in 'header' for 'uri' */ |