Diffstat (limited to 'src/microhttpd/digestauth.c')
-rw-r--r--src/microhttpd/digestauth.c54
1 files changed, 32 insertions, 22 deletions
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index fac3e280..d3f5f595 100644
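--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -801,37 +801,47 @@ get_rq_uname (const struct MHD_RqDAuth *params,
 mhd_assert (MHD_DIGEST_AUTH_UNAME_TYPE_INVALID != uname_type);
 mhd_assert (MHD_DIGEST_AUTH_UNAME_TYPE_MISSING != uname_type);
 
-if ( (MHD_DIGEST_AUTH_UNAME_TYPE_STANDARD == uname_type) ||
-(MHD_DIGEST_AUTH_UNAME_TYPE_USERHASH == uname_type) )
+uname_info->username = NULL;
+uname_info->username_len = 0;
+uname_info->userhash_hex = NULL;
+uname_info->userhash_hex_len = 0;
+uname_info->userhash_bin = NULL;
+
+if (MHD_DIGEST_AUTH_UNAME_TYPE_STANDARD == uname_type)
 {
 uname_info->username = (char *) (buf + buf_used);
 uname_info->username_len =
 get_rq_param_unquoted_copy_z (&params->username,
 uname_info->username);
 buf_used += uname_info->username_len + 1;
-if (MHD_DIGEST_AUTH_UNAME_TYPE_USERHASH == uname_type)
+uname_info->uname_type = MHD_DIGEST_AUTH_UNAME_TYPE_STANDARD;
+}
+else if (MHD_DIGEST_AUTH_UNAME_TYPE_USERHASH == uname_type)
+{
+size_t res;
+
+uname_info->userhash_hex = (char *) (buf + buf_used);
+uname_info->userhash_hex_len =
+get_rq_param_unquoted_copy_z (&params->username,
+uname_info->userhash_hex);
+buf_used += uname_info->userhash_hex_len + 1;
+uname_info->userhash_bin = (uint8_t *) (buf + buf_used);
+res = MHD_hex_to_bin (uname_info->userhash_hex,
+uname_info->userhash_hex_len,
+uname_info->userhash_bin);
+if (res != uname_info->username_len / 2)
 {
-size_t res;
-uint8_t *const bin_data = (uint8_t *) (buf + buf_used);
-res = MHD_hex_to_bin (uname_info->username,
-uname_info->username_len,
-bin_data);
-if (res != uname_info->username_len / 2)
-{
-uname_info->userhash_bin = NULL;
-uname_info->uname_type = MHD_DIGEST_AUTH_UNAME_TYPE_INVALID;
-}
-else
-{
-/* Avoid pointers outside allocated region when the size is zero */
-uname_info->userhash_bin = (0 != res) ?
-bin_data : (uint8_t *) uname_info->username;
-uname_info->uname_type = MHD_DIGEST_AUTH_UNAME_TYPE_USERHASH;
-buf_used += res;
-}
+uname_info->userhash_bin = NULL;
+uname_info->uname_type = MHD_DIGEST_AUTH_UNAME_TYPE_INVALID;
 }
 else
-uname_info->uname_type = MHD_DIGEST_AUTH_UNAME_TYPE_STANDARD;
+{
+/* Avoid pointers outside allocated region when the size is zero */
+if (0 == res)
+uname_info->userhash_bin = (uint8_t *) uname_info->username;
+uname_info->uname_type = MHD_DIGEST_AUTH_UNAME_TYPE_USERHASH;
+buf_used += res;
+}
 }
 else if (MHD_DIGEST_AUTH_UNAME_TYPE_EXTENDED == uname_type)
 {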
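Review bot: The length check `if (res != uname_info->username_len / 2)` in the new userhash branch still reads `username_len`, which this change resets to 0 at the top of the hunk and now sets only in the standard branch. As written the test reduces to `res != 0`, so a userhash that decodes to any bytes is marked INVALID, while one that decodes to nothing (presumably including a hex string that MHD_hex_to_bin rejects; confirm its failure return) is accepted as USERHASH. The zero-size fallback has the same leftover: `uname_info->userhash_bin = (uint8_t *) uname_info->username;` now assigns NULL rather than a pointer inside the buffer. Both lines should use the new fields: `if (res != uname_info->userhash_hex_len / 2)` and `uname_info->userhash_bin = (uint8_t *) uname_info->userhash_hex;`. get_rq_uname starts and ends outside the hunk, so callers' handling of these fields is not visible here.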