Diffstat (limited to 'src/microhttpd/digestauth.c')
-rw-r--r--src/microhttpd/digestauth.c39
1 files changed, 36 insertions, 3 deletions
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index fac12ec0..6bb2aa22 100644
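--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -1937,8 +1937,15 @@ digest_auth_check_all_inner (struct MHD_Connection *connection,
 return MHD_DAUTH_WRONG_HEADER;
 
 /* ** A quick check for presence of all required parameters ** */
-if (NULL == params->username.value.str)
+if ((NULL == params->username.value.str) &&
+(NULL == params->username_ext.value.str))
 return MHD_DAUTH_WRONG_HEADER;
+else if ((NULL != params->username.value.str) &&
+(NULL != params->username_ext.value.str))
+return MHD_DAUTH_WRONG_HEADER; /* Parameters cannot be used together */
+else if ((NULL != params->username_ext.value.str) &&
+(MHD_DAUTH_EXT_PARAM_MIN_LEN > params->username_ext.value.len))
+return MHD_DAUTH_WRONG_HEADER; /* Broken extended notation */
 
 if (NULL == params->realm.value.str)
 return MHD_DAUTH_WRONG_HEADER;
@@ -1989,8 +1996,34 @@ digest_auth_check_all_inner (struct MHD_Connection *connection,
 
 /* Check 'username' */
 username_len = strlen (username);
-if (! is_param_equal (&params->username, username, username_len))
-return MHD_DAUTH_WRONG_USERNAME;
+if (NULL != params->username.value.str)
+{ /* Username in standard notation */
+if (! is_param_equal (&params->username, username, username_len))
+return MHD_DAUTH_WRONG_USERNAME;
+}
+else
+{ /* Username in extended notation */
+char *r_uname;
+size_t buf_size = params->username_ext.value.len;
+ssize_t res;
+
+mhd_assert (NULL != params->username_ext.value.str);
+mhd_assert (MHD_DAUTH_EXT_PARAM_MIN_LEN <= buf_size); /* It was checked already */
+buf_size += 1; /* For zero-termination */
+buf_size -= MHD_DAUTH_EXT_PARAM_MIN_LEN;
+r_uname = get_buffer_for_size (tmp1, ptmp2, &tmp2_size, buf_size);
+if (NULL == r_uname)
+return (_MHD_AUTH_DIGEST_MAX_PARAM_SIZE < buf_size) ?
+MHD_DAUTH_TOO_LARGE : MHD_DAUTH_ERROR;
+res = get_rq_extended_uname_copy_z (params->username_ext.value.str,
+params->username_ext.value.len,
+r_uname, buf_size);
+if (0 > res)
+return MHD_DAUTH_WRONG_HEADER; /* Broken extended notation */
+if ((username_len != (size_t) res) ||
+(0 != memcmp (username, r_uname, username_len)))
+return MHD_DAUTH_WRONG_USERNAME;
+}
 /* 'username' valid */
 
 /* Check 'realm' */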
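Review bot: In the extended-notation branch, `buf_size -= MHD_DAUTH_EXT_PARAM_MIN_LEN;` is guarded only by `mhd_assert`, so its safety rests on the `username_ext` length check added to the quick parameter checks in the first hunk, far from this use. If `mhd_assert` compiles to nothing in non-debug builds (not visible here), a later change to those early checks would let the unsigned subtraction wrap on a short client-supplied `username*` value, and rejection would then depend entirely on `get_buffer_for_size` refusing the oversized request. A local runtime guard keeps the failure explicit: `if (MHD_DAUTH_EXT_PARAM_MIN_LEN > buf_size) return MHD_DAUTH_WRONG_HEADER;` placed before the `buf_size += 1;` line. A one-line comment such as `/* decoded name is never longer than the encoded value minus its minimal prefix */` would also record why this size is sufficient, assuming that is the contract of `get_rq_extended_uname_copy_z`. The body of `digest_auth_check_all_inner` starts and ends outside both hunks.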