diff options
Diffstat (limited to 'src/microhttpd/digestauth.c')
-rw-r--r-- | src/microhttpd/digestauth.c | 23 |
1 files changed, 15 insertions, 8 deletions
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c index d4e23fef..8f04bf38 100644 --- a/src/microhttpd/digestauth.c +++ b/src/microhttpd/digestauth.c | |||
@@ -732,6 +732,7 @@ calculate_nonce (uint32_t nonce_time, | |||
732 | * @param connection the connection | 732 | * @param connection the connection |
733 | * @param key the key | 733 | * @param key the key |
734 | * @param value the value, can be NULL | 734 | * @param value the value, can be NULL |
735 | * @param value_size number of bytes in @a value | ||
735 | * @param kind type of the header | 736 | * @param kind type of the header |
736 | * @return #MHD_YES if the key-value pair is in the headers, | 737 | * @return #MHD_YES if the key-value pair is in the headers, |
737 | * #MHD_NO if not | 738 | * #MHD_NO if not |
@@ -740,6 +741,7 @@ static int | |||
740 | test_header (struct MHD_Connection *connection, | 741 | test_header (struct MHD_Connection *connection, |
741 | const char *key, | 742 | const char *key, |
742 | const char *value, | 743 | const char *value, |
744 | size_t value_size, | ||
743 | enum MHD_ValueKind kind) | 745 | enum MHD_ValueKind kind) |
744 | { | 746 | { |
745 | struct MHD_HTTP_Header *pos; | 747 | struct MHD_HTTP_Header *pos; |
@@ -748,6 +750,8 @@ test_header (struct MHD_Connection *connection, | |||
748 | { | 750 | { |
749 | if (kind != pos->kind) | 751 | if (kind != pos->kind) |
750 | continue; | 752 | continue; |
753 | if (value_size != pos->value_size) | ||
754 | continue; | ||
751 | if (0 != strcmp (key, | 755 | if (0 != strcmp (key, |
752 | pos->header)) | 756 | pos->header)) |
753 | continue; | 757 | continue; |
@@ -756,8 +760,9 @@ test_header (struct MHD_Connection *connection, | |||
756 | return MHD_YES; | 760 | return MHD_YES; |
757 | if ( (NULL == value) || | 761 | if ( (NULL == value) || |
758 | (NULL == pos->value) || | 762 | (NULL == pos->value) || |
759 | (0 != strcmp (value, | 763 | (0 != memcmp (value, |
760 | pos->value)) ) | 764 | pos->value, |
765 | value_size)) ) | ||
761 | continue; | 766 | continue; |
762 | return MHD_YES; | 767 | return MHD_YES; |
763 | } | 768 | } |
@@ -862,6 +867,7 @@ digest_auth_check_all (struct MHD_Connection *connection, | |||
862 | uint32_t t; | 867 | uint32_t t; |
863 | size_t left; /* number of characters left in 'header' for 'uri' */ | 868 | size_t left; /* number of characters left in 'header' for 'uri' */ |
864 | uint64_t nci; | 869 | uint64_t nci; |
870 | char *qmark; | ||
865 | 871 | ||
866 | VLA_CHECK_LEN_DIGEST(da->digest_size); | 872 | VLA_CHECK_LEN_DIGEST(da->digest_size); |
867 | header = MHD_lookup_connection_value (connection, | 873 | header = MHD_lookup_connection_value (connection, |
@@ -1072,15 +1078,17 @@ digest_auth_check_all (struct MHD_Connection *connection, | |||
1072 | uri, | 1078 | uri, |
1073 | hentity, | 1079 | hentity, |
1074 | da); | 1080 | da); |
1075 | 1081 | qmark = strchr (uri, | |
1082 | '?'); | ||
1083 | if (NULL != qmark) | ||
1084 | *qmark = '\0'; | ||
1076 | 1085 | ||
1077 | /* Need to unescape URI before comparing with connection->url */ | 1086 | /* Need to unescape URI before comparing with connection->url */ |
1078 | daemon->unescape_callback (daemon->unescape_callback_cls, | 1087 | daemon->unescape_callback (daemon->unescape_callback_cls, |
1079 | connection, | 1088 | connection, |
1080 | uri); | 1089 | uri); |
1081 | if (0 != strncmp (uri, | 1090 | if (0 != strcmp (uri, |
1082 | connection->url, | 1091 | connection->url)) |
1083 | strlen (connection->url))) | ||
1084 | { | 1092 | { |
1085 | #ifdef HAVE_MESSAGES | 1093 | #ifdef HAVE_MESSAGES |
1086 | MHD_DLOG (daemon, | 1094 | MHD_DLOG (daemon, |
@@ -1091,8 +1099,7 @@ digest_auth_check_all (struct MHD_Connection *connection, | |||
1091 | } | 1099 | } |
1092 | 1100 | ||
1093 | { | 1101 | { |
1094 | const char *args = strchr (uri, | 1102 | const char *args = qmark; |
1095 | '?'); | ||
1096 | 1103 | ||
1097 | if (NULL == args) | 1104 | if (NULL == args) |
1098 | args = ""; | 1105 | args = ""; |