diff options
Diffstat (limited to 'src/microhttpd/digestauth.c')
-rw-r--r-- | src/microhttpd/digestauth.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c index f95f4d62..b0e7ce00 100644 --- a/src/microhttpd/digestauth.c +++ b/src/microhttpd/digestauth.c | |||
@@ -385,8 +385,10 @@ check_nonce_nc (struct MHD_Connection *connection, | |||
385 | uint32_t off; | 385 | uint32_t off; |
386 | uint32_t mod; | 386 | uint32_t mod; |
387 | const char *np; | 387 | const char *np; |
388 | size_t noncelen; | ||
388 | 389 | ||
389 | if (MAX_NONCE_LENGTH <= strlen (nonce)) | 390 | noncelen = strlen (nonce) + 1; |
391 | if (MAX_NONCE_LENGTH < noncelen) | ||
390 | return MHD_NO; /* This should be impossible, but static analysis | 392 | return MHD_NO; /* This should be impossible, but static analysis |
391 | tools have a hard time with it *and* this also | 393 | tools have a hard time with it *and* this also |
392 | protects against unsafe modifications that may | 394 | protects against unsafe modifications that may |
@@ -413,8 +415,9 @@ check_nonce_nc (struct MHD_Connection *connection, | |||
413 | if (0 == nc) | 415 | if (0 == nc) |
414 | { | 416 | { |
415 | /* Fresh nonce, reinitialize array */ | 417 | /* Fresh nonce, reinitialize array */ |
416 | strcpy (nn->nonce, | 418 | memcpy (nn->nonce, |
417 | nonce); | 419 | nonce, |
420 | noncelen); | ||
418 | nn->nc = 0; | 421 | nn->nc = 0; |
419 | nn->nmask = 0; | 422 | nn->nmask = 0; |
420 | MHD_mutex_unlock_chk_ (&daemon->nnc_lock); | 423 | MHD_mutex_unlock_chk_ (&daemon->nnc_lock); |