Diffstat (limited to 'src/microhttpd/digestauth.c')
-rw-r--r-- | src/microhttpd/digestauth.c | 24 |
1 files changed, 22 insertions, 2 deletions
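--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -2115,7 +2115,7 @@ digest_auth_check_all_inner (struct MHD_Connection *connection,
 return MHD_DAUTH_WRONG_REALM;
 else if (((NULL == userdigest) || params->userhash) &&
 (_MHD_AUTH_DIGEST_MAX_PARAM_SIZE < params->realm.value.len))
-return MHD_DAUTH_TOO_LARGE; /* Realm is too large and it will be used in hash calculations */
+return MHD_DAUTH_TOO_LARGE; /* Realm is too large and should be used in hash calculations */
 
 if (MHD_DIGEST_AUTH_QOP_NONE != c_qop)
 {
@@ -2954,7 +2954,13 @@ MHD_queue_auth_required_response3 (struct MHD_Connection *connection,
 /* 'realm="xxxx", ' */
 realm_len = strlen (realm);
 if (_MHD_AUTH_DIGEST_MAX_PARAM_SIZE < realm_len)
+{
+#ifdef HAVE_MESSAGES
+MHD_DLOG (connection->daemon,
+_ ("The 'realm' is too large.\n"));
+#endif /* HAVE_MESSAGES */
 return MHD_NO;
+}
 if ((NULL != memchr (realm, '\r', realm_len)) ||
 (NULL != memchr (realm, '\n', realm_len)))
 return MHD_NO;
@@ -3034,7 +3040,21 @@ MHD_queue_auth_required_response3 (struct MHD_Connection *connection,
 MHD_STATICSTR_LEN_ (prefix_realm));
 p += MHD_STATICSTR_LEN_ (prefix_realm);
 mhd_assert ((buf_size - p) >= (realm_len * 2));
-p += MHD_str_quote (realm, realm_len, buf + p, buf_size - p);
+if (1)
+{
+size_t quoted_size;
+quoted_size = MHD_str_quote (realm, realm_len, buf + p, buf_size - p);
+if (_MHD_AUTH_DIGEST_MAX_PARAM_SIZE < quoted_size)
+{
+#ifdef HAVE_MESSAGES
+MHD_DLOG (connection->daemon,
+_ ("The 'realm' is too large after 'quoting'.\n"));
+#endif /* HAVE_MESSAGES */
+free (buf);
+return MHD_NO;
+}
+p += quoted_size;
+}
 buf[p++] = '\"';
 buf[p++] = ',';
 buf[p++] = ' ';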
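Review bot: In the third hunk the new `quoted_size` check bounds only the upper end, and it runs after `MHD_str_quote` has already written into `buf`, so it enforces the protocol limit rather than guarding memory; the write itself is protected only by the `mhd_assert` on the line above, which presumably compiles out in non-debug builds. If `MHD_str_quote` reports an undersized output buffer by returning zero (its contract is not visible in this hunk, so confirm), that case would pass the new test and emit an empty `realm=""` for a non-empty realm. Consider rejecting it in the same branch, e.g. `if ((0 == quoted_size && 0 != realm_len) || (_MHD_AUTH_DIGEST_MAX_PARAM_SIZE < quoted_size))`. Separately, the CR/LF rejection in the second hunk still returns `MHD_NO` without a log line, unlike the two new failure paths, so an operator cannot tell from the log why the challenge was refused. `MHD_queue_auth_required_response3` starts and ends outside these hunks, so whether `buf` is the only resource to release on the new early return cannot be checked from here.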