aboutsummaryrefslogtreecommitdiff
path: root/src/microhttpd/digestauth.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/microhttpd/digestauth.c')
-rw-r--r--src/microhttpd/digestauth.c40
1 files changed, 33 insertions, 7 deletions
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index 424c3761..af146c31 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -52,6 +52,32 @@
52#define NONCE_STD_LEN(digest_size) \ 52#define NONCE_STD_LEN(digest_size) \
53 ((digest_size) * 2 + TIMESTAMP_BIN_SIZE * 2) 53 ((digest_size) * 2 + TIMESTAMP_BIN_SIZE * 2)
54 54
55
56/**
57 * Maximum size of any digest hash supported by MHD.
58 * (SHA-256 > MD5).
59 */
60#define MAX_DIGEST SHA256_DIGEST_SIZE
61
62/**
63 * Macro to avoid using VLAs if the compiler does not support them.
64 */
65#if __STDC_NO_VLA__
66/**
67 * Check that @a n is below #MAX_DIGEST, then return #MAX_DIGEST.
68 *
69 * @param n length of the digest to be used for a VLA
70 */
71#define VLA_ARRAY_LEN_DIGEST(n) (((n) <= MAX_DIGEST?1:(mhd_panic(mhd_panic_cls, __FILE__, __LINE__, "VLA too big"),1)),MAX_DIGEST)
72#else
73/**
74 * Check that @a n is below #MAX_DIGEST, then return @a n.
75 *
76 * @param n length of the digest to be used for a VLA
77 */
78#define VLA_ARRAY_LEN_DIGEST(n) (((n) <= MAX_DIGEST?1:(mhd_panic(mhd_panic_cls, __FILE__, __LINE__, "VLA too big"),1)),n)
79#endif
80
55/** 81/**
56 * Beginning string for any valid Digest authentication header. 82 * Beginning string for any valid Digest authentication header.
57 */ 83 */
@@ -185,7 +211,7 @@ digest_calc_ha1_from_digest (const char *alg,
185 (MHD_str_equal_caseless_(alg, 211 (MHD_str_equal_caseless_(alg,
186 "sha-256-sess")) ) 212 "sha-256-sess")) )
187 { 213 {
188 uint8_t dig[da->digest_size]; 214 uint8_t dig[VLA_ARRAY_LEN_DIGEST(da->digest_size)];
189 215
190 da->init (da->ctx); 216 da->init (da->ctx);
191 da->update (da->ctx, 217 da->update (da->ctx,
@@ -241,7 +267,7 @@ digest_calc_ha1_from_user (const char *alg,
241 const char *cnonce, 267 const char *cnonce,
242 struct DigestAlgorithm *da) 268 struct DigestAlgorithm *da)
243{ 269{
244 unsigned char ha1[da->digest_size]; 270 unsigned char ha1[VLA_ARRAY_LEN_DIGEST(da->digest_size)];
245 271
246 da->init (da->ctx); 272 da->init (da->ctx);
247 da->update (da->ctx, 273 da->update (da->ctx,
@@ -296,8 +322,8 @@ digest_calc_response (const char *ha1,
296 const char *hentity, 322 const char *hentity,
297 struct DigestAlgorithm *da) 323 struct DigestAlgorithm *da)
298{ 324{
299 unsigned char ha2[da->digest_size]; 325 unsigned char ha2[VLA_ARRAY_LEN_DIGEST(da->digest_size)];
300 unsigned char resphash[da->digest_size]; 326 unsigned char resphash[VLA_ARRAY_LEN_DIGEST(da->digest_size)];
301 (void)hentity; /* Unused. Silence compiler warning. */ 327 (void)hentity; /* Unused. Silence compiler warning. */
302 328
303 da->init (da->ctx); 329 da->init (da->ctx);
@@ -638,7 +664,7 @@ calculate_nonce (uint32_t nonce_time,
638 char *nonce) 664 char *nonce)
639{ 665{
640 unsigned char timestamp[TIMESTAMP_BIN_SIZE]; 666 unsigned char timestamp[TIMESTAMP_BIN_SIZE];
641 unsigned char tmpnonce[da->digest_size]; 667 unsigned char tmpnonce[VLA_ARRAY_LEN_DIGEST(da->digest_size)];
642 char timestamphex[TIMESTAMP_BIN_SIZE * 2 + 1]; 668 char timestamphex[TIMESTAMP_BIN_SIZE * 2 + 1];
643 669
644 da->init (da->ctx); 670 da->init (da->ctx);
@@ -815,12 +841,12 @@ digest_auth_check_all (struct MHD_Connection *connection,
815 const char *header; 841 const char *header;
816 char nonce[MAX_NONCE_LENGTH]; 842 char nonce[MAX_NONCE_LENGTH];
817 char cnonce[MAX_NONCE_LENGTH]; 843 char cnonce[MAX_NONCE_LENGTH];
818 char ha1[da->digest_size * 2 + 1]; 844 char ha1[VLA_ARRAY_LEN_DIGEST(da->digest_size) * 2 + 1];
819 char qop[15]; /* auth,auth-int */ 845 char qop[15]; /* auth,auth-int */
820 char nc[20]; 846 char nc[20];
821 char response[MAX_AUTH_RESPONSE_LENGTH]; 847 char response[MAX_AUTH_RESPONSE_LENGTH];
822 const char *hentity = NULL; /* "auth-int" is not supported */ 848 const char *hentity = NULL; /* "auth-int" is not supported */
823 char noncehashexp[NONCE_STD_LEN(da->digest_size) + 1]; 849 char noncehashexp[NONCE_STD_LEN(VLA_ARRAY_LEN_DIGEST(da->digest_size)) + 1];
824 uint32_t nonce_time; 850 uint32_t nonce_time;
825 uint32_t t; 851 uint32_t t;
826 size_t left; /* number of characters left in 'header' for 'uri' */ 852 size_t left; /* number of characters left in 'header' for 'uri' */