1 files changed, 20 insertions, 9 deletions
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index 926ac5f4..5505118c 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -3507,6 +3507,7 @@ queue_auth_required_response3_inner (struct MHD_Connection *connection,
  size_t buf_size;
  char *buf;
  size_t p; /* The position in the buffer */
+  char *hdr_name;
  if (0 != (((unsigned int) malgo3) & MHD_DIGEST_AUTH_ALGO3_SESSION))
  {
@@ -3836,24 +3837,34 @@ queue_auth_required_response3_inner (struct MHD_Connection *connection,
    buf[p++] = ' ';
  }
  mhd_assert (buf_size >= p);
-  /* The build string ends with ", ". Replace comma with zero-termination. */
+  /* The built string ends with ", ". Replace comma with zero-termination. */
  --p;
  buf[--p] = 0;
-  if (! MHD_add_response_entry_no_check_ (response, MHD_HEADER_KIND,
+  hdr_name = malloc (MHD_STATICSTR_LEN_ (MHD_HTTP_HEADER_WWW_AUTHENTICATE) + 1);
-                                          MHD_HTTP_HEADER_WWW_AUTHENTICATE,
+  if (NULL != hdr_name)
+  {
+    memcpy (hdr_name, MHD_HTTP_HEADER_WWW_AUTHENTICATE,
+            MHD_STATICSTR_LEN_ (MHD_HTTP_HEADER_WWW_AUTHENTICATE) + 1);
+    if (MHD_add_response_entry_no_alloc_ (response, MHD_HEADER_KIND,
+                                          hdr_name,
                                          MHD_STATICSTR_LEN_ ( \
                                            MHD_HTTP_HEADER_WWW_AUTHENTICATE),
                                          buf, p))
-  {
+    {
+      *buf_ptr = NULL; /* The buffer will be free()ed when the response is destroyed */
+      return MHD_queue_response (connection, MHD_HTTP_UNAUTHORIZED, response);
+    }
 #ifdef HAVE_MESSAGES
-    MHD_DLOG (connection->daemon,
+    else
-              _ ("Failed to add Digest auth header.\n"));
+    {
+      MHD_DLOG (connection->daemon,
+                _ ("Failed to add Digest auth header.\n"));
+    }
 #endif /* HAVE_MESSAGES */
-    return MHD_NO;
+    free (hdr_name);
  }
+  return MHD_NO;
-  return MHD_queue_response (connection, MHD_HTTP_UNAUTHORIZED, response);
 }

diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c index 926ac5f4..5505118c 100644 --- a/src/microhttpd/digestauth.c +++ b/src/microhttpd/digestauth.c
@@ -3507,6 +3507,7 @@ queue_auth_required_response3_inner (struct MHD_Connection *connection,
3507	size_t buf_size;	3507	size_t buf_size;
3508	char *buf;	3508	char *buf;
3509	size_t p; /* The position in the buffer */	3509	size_t p; /* The position in the buffer */
		3510	char *hdr_name;
3510		3511
3511	if (0 != (((unsigned int) malgo3) & MHD_DIGEST_AUTH_ALGO3_SESSION))	3512	if (0 != (((unsigned int) malgo3) & MHD_DIGEST_AUTH_ALGO3_SESSION))
3512	{	3513	{
@@ -3836,24 +3837,34 @@ queue_auth_required_response3_inner (struct MHD_Connection *connection,
3836	buf[p++] = ' ';	3837	buf[p++] = ' ';
3837	}	3838	}
3838	mhd_assert (buf_size >= p);	3839	mhd_assert (buf_size >= p);
3839	/* The build string ends with ", ". Replace comma with zero-termination. */	3840	/* The built string ends with ", ". Replace comma with zero-termination. */
3840	--p;	3841	--p;
3841	buf[--p] = 0;	3842	buf[--p] = 0;
3842		3843
3843	if (! MHD_add_response_entry_no_check_ (response, MHD_HEADER_KIND,	3844	hdr_name = malloc (MHD_STATICSTR_LEN_ (MHD_HTTP_HEADER_WWW_AUTHENTICATE) + 1);
3844	MHD_HTTP_HEADER_WWW_AUTHENTICATE,	3845	if (NULL != hdr_name)
		3846	{
		3847	memcpy (hdr_name, MHD_HTTP_HEADER_WWW_AUTHENTICATE,
		3848	MHD_STATICSTR_LEN_ (MHD_HTTP_HEADER_WWW_AUTHENTICATE) + 1);
		3849	if (MHD_add_response_entry_no_alloc_ (response, MHD_HEADER_KIND,
		3850	hdr_name,
3845	MHD_STATICSTR_LEN_ ( \	3851	MHD_STATICSTR_LEN_ ( \
3846	MHD_HTTP_HEADER_WWW_AUTHENTICATE),	3852	MHD_HTTP_HEADER_WWW_AUTHENTICATE),
3847	buf, p))	3853	buf, p))
3848	{	3854	{
		3855	buf_ptr = NULL; / The buffer will be free()ed when the response is destroyed */
		3856	return MHD_queue_response (connection, MHD_HTTP_UNAUTHORIZED, response);
		3857	}
3849	#ifdef HAVE_MESSAGES	3858	#ifdef HAVE_MESSAGES
3850	MHD_DLOG (connection->daemon,	3859	else
3851	_ ("Failed to add Digest auth header.\n"));	3860	{
		3861	MHD_DLOG (connection->daemon,
		3862	_ ("Failed to add Digest auth header.\n"));
		3863	}
3852	#endif /* HAVE_MESSAGES */	3864	#endif /* HAVE_MESSAGES */
3853	return MHD_NO;	3865	free (hdr_name);
3854	}	3866	}
3855		3867	return MHD_NO;
3856	return MHD_queue_response (connection, MHD_HTTP_UNAUTHORIZED, response);
3857	}	3868	}
3858		3869
3859		3870