diff options
Diffstat (limited to 'src/microhttpd/digestauth.c')
| -rw-r--r-- | src/microhttpd/digestauth.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c index f95f4d62..b0e7ce00 100644 --- a/src/microhttpd/digestauth.c +++ b/src/microhttpd/digestauth.c | |||
| @@ -385,8 +385,10 @@ check_nonce_nc (struct MHD_Connection *connection, | |||
| 385 | uint32_t off; | 385 | uint32_t off; |
| 386 | uint32_t mod; | 386 | uint32_t mod; |
| 387 | const char *np; | 387 | const char *np; |
| 388 | size_t noncelen; | ||
| 388 | 389 | ||
| 389 | if (MAX_NONCE_LENGTH <= strlen (nonce)) | 390 | noncelen = strlen (nonce) + 1; |
| 391 | if (MAX_NONCE_LENGTH < noncelen) | ||
| 390 | return MHD_NO; /* This should be impossible, but static analysis | 392 | return MHD_NO; /* This should be impossible, but static analysis |
| 391 | tools have a hard time with it *and* this also | 393 | tools have a hard time with it *and* this also |
| 392 | protects against unsafe modifications that may | 394 | protects against unsafe modifications that may |
| @@ -413,8 +415,9 @@ check_nonce_nc (struct MHD_Connection *connection, | |||
| 413 | if (0 == nc) | 415 | if (0 == nc) |
| 414 | { | 416 | { |
| 415 | /* Fresh nonce, reinitialize array */ | 417 | /* Fresh nonce, reinitialize array */ |
| 416 | strcpy (nn->nonce, | 418 | memcpy (nn->nonce, |
| 417 | nonce); | 419 | nonce, |
| 420 | noncelen); | ||
| 418 | nn->nc = 0; | 421 | nn->nc = 0; |
| 419 | nn->nmask = 0; | 422 | nn->nmask = 0; |
| 420 | MHD_mutex_unlock_chk_ (&daemon->nnc_lock); | 423 | MHD_mutex_unlock_chk_ (&daemon->nnc_lock); |