diff options
Diffstat (limited to 'src/microhttpd')
-rw-r--r-- | src/microhttpd/connection.c | 12 | ||||
-rw-r--r-- | src/microhttpd/digestauth.c | 9 |
2 files changed, 14 insertions, 7 deletions
diff --git a/src/microhttpd/connection.c b/src/microhttpd/connection.c index 6a58e04a..0afbe2ac 100644 --- a/src/microhttpd/connection.c +++ b/src/microhttpd/connection.c | |||
@@ -1407,6 +1407,7 @@ build_header_response (struct MHD_Connection *connection) | |||
1407 | struct MHD_HTTP_Header *pos; | 1407 | struct MHD_HTTP_Header *pos; |
1408 | char code[256]; | 1408 | char code[256]; |
1409 | char date[128]; | 1409 | char date[128]; |
1410 | size_t datelen; | ||
1410 | char content_length_buf[128]; | 1411 | char content_length_buf[128]; |
1411 | size_t content_length_len; | 1412 | size_t content_length_len; |
1412 | char *data; | 1413 | char *data; |
@@ -1461,7 +1462,8 @@ build_header_response (struct MHD_Connection *connection) | |||
1461 | sizeof (date)); | 1462 | sizeof (date)); |
1462 | else | 1463 | else |
1463 | date[0] = '\0'; | 1464 | date[0] = '\0'; |
1464 | size += strlen (date); | 1465 | datelen = strlen (date); |
1466 | size += datelen; | ||
1465 | } | 1467 | } |
1466 | else | 1468 | else |
1467 | { | 1469 | { |
@@ -1469,6 +1471,7 @@ build_header_response (struct MHD_Connection *connection) | |||
1469 | size = 2; | 1471 | size = 2; |
1470 | kind = MHD_FOOTER_KIND; | 1472 | kind = MHD_FOOTER_KIND; |
1471 | off = 0; | 1473 | off = 0; |
1474 | datelen = 0; | ||
1472 | } | 1475 | } |
1473 | 1476 | ||
1474 | /* calculate extra headers we need to add, such as 'Connection: close', | 1477 | /* calculate extra headers we need to add, such as 'Connection: close', |
@@ -1713,9 +1716,10 @@ build_header_response (struct MHD_Connection *connection) | |||
1713 | } | 1716 | } |
1714 | if (MHD_CONNECTION_FOOTERS_RECEIVED == connection->state) | 1717 | if (MHD_CONNECTION_FOOTERS_RECEIVED == connection->state) |
1715 | { | 1718 | { |
1716 | strcpy (&data[off], | 1719 | memcpy (&data[off], |
1717 | date); | 1720 | date, |
1718 | off += strlen (date); | 1721 | datelen); |
1722 | off += datelen; | ||
1719 | } | 1723 | } |
1720 | memcpy (&data[off], | 1724 | memcpy (&data[off], |
1721 | "\r\n", | 1725 | "\r\n", |
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c index f95f4d62..b0e7ce00 100644 --- a/src/microhttpd/digestauth.c +++ b/src/microhttpd/digestauth.c | |||
@@ -385,8 +385,10 @@ check_nonce_nc (struct MHD_Connection *connection, | |||
385 | uint32_t off; | 385 | uint32_t off; |
386 | uint32_t mod; | 386 | uint32_t mod; |
387 | const char *np; | 387 | const char *np; |
388 | size_t noncelen; | ||
388 | 389 | ||
389 | if (MAX_NONCE_LENGTH <= strlen (nonce)) | 390 | noncelen = strlen (nonce) + 1; |
391 | if (MAX_NONCE_LENGTH < noncelen) | ||
390 | return MHD_NO; /* This should be impossible, but static analysis | 392 | return MHD_NO; /* This should be impossible, but static analysis |
391 | tools have a hard time with it *and* this also | 393 | tools have a hard time with it *and* this also |
392 | protects against unsafe modifications that may | 394 | protects against unsafe modifications that may |
@@ -413,8 +415,9 @@ check_nonce_nc (struct MHD_Connection *connection, | |||
413 | if (0 == nc) | 415 | if (0 == nc) |
414 | { | 416 | { |
415 | /* Fresh nonce, reinitialize array */ | 417 | /* Fresh nonce, reinitialize array */ |
416 | strcpy (nn->nonce, | 418 | memcpy (nn->nonce, |
417 | nonce); | 419 | nonce, |
420 | noncelen); | ||
418 | nn->nc = 0; | 421 | nn->nc = 0; |
419 | nn->nmask = 0; | 422 | nn->nmask = 0; |
420 | MHD_mutex_unlock_chk_ (&daemon->nnc_lock); | 423 | MHD_mutex_unlock_chk_ (&daemon->nnc_lock); |