1 files changed, 15 insertions, 8 deletions
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index d4e23fef..8f04bf38 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -732,6 +732,7 @@ calculate_nonce (uint32_t nonce_time,
 * @param connection the connection
 * @param key the key
 * @param value the value, can be NULL
+ * @param value_size number of bytes in @a value
 * @param kind type of the header
 * @return #MHD_YES if the key-value pair is in the headers,
 *         #MHD_NO if not
@@ -740,6 +741,7 @@ static int
 test_header (struct MHD_Connection *connection,
             const char *key,
             const char *value,
+             size_t value_size,
             enum MHD_ValueKind kind)
 {
  struct MHD_HTTP_Header *pos;
@@ -748,6 +750,8 @@ test_header (struct MHD_Connection *connection,
    {
      if (kind != pos->kind)
        continue;
+      if (value_size != pos->value_size)
+        continue;
      if (0 != strcmp (key,
                       pos->header))
        continue;
@@ -756,8 +760,9 @@ test_header (struct MHD_Connection *connection,
        return MHD_YES;
      if ( (NULL == value) ||
           (NULL == pos->value) ||
-           (0 != strcmp (value,
+           (0 != memcmp (value,
-                         pos->value)) )
+                         pos->value,
+                         value_size)) )
        continue;
      return MHD_YES;
    }
@@ -862,6 +867,7 @@ digest_auth_check_all (struct MHD_Connection *connection,
  uint32_t t;
  size_t left; /* number of characters left in 'header' for 'uri' */
  uint64_t nci;
+  char *qmark;
  VLA_CHECK_LEN_DIGEST(da->digest_size);
  header = MHD_lookup_connection_value (connection,
@@ -1072,15 +1078,17 @@ digest_auth_check_all (struct MHD_Connection *connection,
                          uri,
                          hentity,
                          da);
+    qmark = strchr (uri,
+                    '?');
+    if (NULL != qmark)
+      *qmark = '\0';
    /* Need to unescape URI before comparing with connection->url */
    daemon->unescape_callback (daemon->unescape_callback_cls,
                               connection,
                               uri);
-    if (0 != strncmp (uri,
+    if (0 != strcmp (uri,
-                      connection->url,
+                     connection->url))
-                      strlen (connection->url)))
    {
 #ifdef HAVE_MESSAGES
      MHD_DLOG (daemon,
@@ -1091,8 +1099,7 @@ digest_auth_check_all (struct MHD_Connection *connection,
    }
    {
-      const char *args = strchr (uri,
+      const char *args = qmark;
-                                 '?');
      if (NULL == args)
        args = "";

diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c index d4e23fef..8f04bf38 100644 --- a/src/microhttpd/digestauth.c +++ b/src/microhttpd/digestauth.c
@@ -732,6 +732,7 @@ calculate_nonce (uint32_t nonce_time,
732	* @param connection the connection	732	* @param connection the connection
733	* @param key the key	733	* @param key the key
734	* @param value the value, can be NULL	734	* @param value the value, can be NULL
		735	* @param value_size number of bytes in @a value
735	* @param kind type of the header	736	* @param kind type of the header
736	* @return #MHD_YES if the key-value pair is in the headers,	737	* @return #MHD_YES if the key-value pair is in the headers,
737	* #MHD_NO if not	738	* #MHD_NO if not
@@ -740,6 +741,7 @@ static int
740	test_header (struct MHD_Connection *connection,	741	test_header (struct MHD_Connection *connection,
741	const char *key,	742	const char *key,
742	const char *value,	743	const char *value,
		744	size_t value_size,
743	enum MHD_ValueKind kind)	745	enum MHD_ValueKind kind)
744	{	746	{
745	struct MHD_HTTP_Header *pos;	747	struct MHD_HTTP_Header *pos;
@@ -748,6 +750,8 @@ test_header (struct MHD_Connection *connection,
748	{	750	{
749	if (kind != pos->kind)	751	if (kind != pos->kind)
750	continue;	752	continue;
		753	if (value_size != pos->value_size)
		754	continue;
751	if (0 != strcmp (key,	755	if (0 != strcmp (key,
752	pos->header))	756	pos->header))
753	continue;	757	continue;
@@ -756,8 +760,9 @@ test_header (struct MHD_Connection *connection,
756	return MHD_YES;	760	return MHD_YES;
757	if ( (NULL == value) \|\|	761	if ( (NULL == value) \|\|
758	(NULL == pos->value) \|\|	762	(NULL == pos->value) \|\|
759	(0 != strcmp (value,	763	(0 != memcmp (value,
760	pos->value)) )	764	pos->value,
		765	value_size)) )
761	continue;	766	continue;
762	return MHD_YES;	767	return MHD_YES;
763	}	768	}
@@ -862,6 +867,7 @@ digest_auth_check_all (struct MHD_Connection *connection,
862	uint32_t t;	867	uint32_t t;
863	size_t left; /* number of characters left in 'header' for 'uri' */	868	size_t left; /* number of characters left in 'header' for 'uri' */
864	uint64_t nci;	869	uint64_t nci;
		870	char *qmark;
865		871
866	VLA_CHECK_LEN_DIGEST(da->digest_size);	872	VLA_CHECK_LEN_DIGEST(da->digest_size);
867	header = MHD_lookup_connection_value (connection,	873	header = MHD_lookup_connection_value (connection,
@@ -1072,15 +1078,17 @@ digest_auth_check_all (struct MHD_Connection *connection,
1072	uri,	1078	uri,
1073	hentity,	1079	hentity,
1074	da);	1080	da);
1075		1081	qmark = strchr (uri,
		1082	'?');
		1083	if (NULL != qmark)
		1084	*qmark = '\0';
1076		1085
1077	/* Need to unescape URI before comparing with connection->url */	1086	/* Need to unescape URI before comparing with connection->url */
1078	daemon->unescape_callback (daemon->unescape_callback_cls,	1087	daemon->unescape_callback (daemon->unescape_callback_cls,
1079	connection,	1088	connection,
1080	uri);	1089	uri);
1081	if (0 != strncmp (uri,	1090	if (0 != strcmp (uri,
1082	connection->url,	1091	connection->url))
1083	strlen (connection->url)))
1084	{	1092	{
1085	#ifdef HAVE_MESSAGES	1093	#ifdef HAVE_MESSAGES
1086	MHD_DLOG (daemon,	1094	MHD_DLOG (daemon,
@@ -1091,8 +1099,7 @@ digest_auth_check_all (struct MHD_Connection *connection,
1091	}	1099	}
1092		1100
1093	{	1101	{
1094	const char *args = strchr (uri,	1102	const char *args = qmark;
1095	'?');
1096		1103
1097	if (NULL == args)	1104	if (NULL == args)
1098	args = "";	1105	args = "";