summaryrefslogtreecommitdiff
path: root/src/microhttpd/digestauth.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/microhttpd/digestauth.c')
-rw-r--r--src/microhttpd/digestauth.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index f461abd4..ea7bc1c7 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -619,7 +619,15 @@ MHD_digest_auth_check (struct MHD_Connection *connection,
header value. */
return MHD_NO;
}
- nonce_time = strtoul (nonce + len - TIMESTAMP_HEX_LEN, (char **)NULL, 16);
+ if (TIMESTAMP_HEX_LEN != MHD_strx_to_uint32_n_ (nonce + len - TIMESTAMP_HEX_LEN,
+ TIMESTAMP_HEX_LEN, &nonce_time))
+ {
+#ifdef HAVE_MESSAGES
+ MHD_DLOG (connection->daemon,
+ "Authentication failed, invalid timestamp format.\n");
+#endif
+ return MHD_NO;
+ }
t = (uint32_t) MHD_monotonic_sec_counter();
/*
* First level vetting for the nonce validity: if the timestamp