diff options
Diffstat (limited to 'src/microhttpd')
| -rw-r--r-- | src/microhttpd/connection.c | 12 | ||||
| -rw-r--r-- | src/microhttpd/digestauth.c | 9 |
2 files changed, 14 insertions, 7 deletions
diff --git a/src/microhttpd/connection.c b/src/microhttpd/connection.c index 6a58e04a..0afbe2ac 100644 --- a/src/microhttpd/connection.c +++ b/src/microhttpd/connection.c | |||
| @@ -1407,6 +1407,7 @@ build_header_response (struct MHD_Connection *connection) | |||
| 1407 | struct MHD_HTTP_Header *pos; | 1407 | struct MHD_HTTP_Header *pos; |
| 1408 | char code[256]; | 1408 | char code[256]; |
| 1409 | char date[128]; | 1409 | char date[128]; |
| 1410 | size_t datelen; | ||
| 1410 | char content_length_buf[128]; | 1411 | char content_length_buf[128]; |
| 1411 | size_t content_length_len; | 1412 | size_t content_length_len; |
| 1412 | char *data; | 1413 | char *data; |
| @@ -1461,7 +1462,8 @@ build_header_response (struct MHD_Connection *connection) | |||
| 1461 | sizeof (date)); | 1462 | sizeof (date)); |
| 1462 | else | 1463 | else |
| 1463 | date[0] = '\0'; | 1464 | date[0] = '\0'; |
| 1464 | size += strlen (date); | 1465 | datelen = strlen (date); |
| 1466 | size += datelen; | ||
| 1465 | } | 1467 | } |
| 1466 | else | 1468 | else |
| 1467 | { | 1469 | { |
| @@ -1469,6 +1471,7 @@ build_header_response (struct MHD_Connection *connection) | |||
| 1469 | size = 2; | 1471 | size = 2; |
| 1470 | kind = MHD_FOOTER_KIND; | 1472 | kind = MHD_FOOTER_KIND; |
| 1471 | off = 0; | 1473 | off = 0; |
| 1474 | datelen = 0; | ||
| 1472 | } | 1475 | } |
| 1473 | 1476 | ||
| 1474 | /* calculate extra headers we need to add, such as 'Connection: close', | 1477 | /* calculate extra headers we need to add, such as 'Connection: close', |
| @@ -1713,9 +1716,10 @@ build_header_response (struct MHD_Connection *connection) | |||
| 1713 | } | 1716 | } |
| 1714 | if (MHD_CONNECTION_FOOTERS_RECEIVED == connection->state) | 1717 | if (MHD_CONNECTION_FOOTERS_RECEIVED == connection->state) |
| 1715 | { | 1718 | { |
| 1716 | strcpy (&data[off], | 1719 | memcpy (&data[off], |
| 1717 | date); | 1720 | date, |
| 1718 | off += strlen (date); | 1721 | datelen); |
| 1722 | off += datelen; | ||
| 1719 | } | 1723 | } |
| 1720 | memcpy (&data[off], | 1724 | memcpy (&data[off], |
| 1721 | "\r\n", | 1725 | "\r\n", |
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c index f95f4d62..b0e7ce00 100644 --- a/src/microhttpd/digestauth.c +++ b/src/microhttpd/digestauth.c | |||
| @@ -385,8 +385,10 @@ check_nonce_nc (struct MHD_Connection *connection, | |||
| 385 | uint32_t off; | 385 | uint32_t off; |
| 386 | uint32_t mod; | 386 | uint32_t mod; |
| 387 | const char *np; | 387 | const char *np; |
| 388 | size_t noncelen; | ||
| 388 | 389 | ||
| 389 | if (MAX_NONCE_LENGTH <= strlen (nonce)) | 390 | noncelen = strlen (nonce) + 1; |
| 391 | if (MAX_NONCE_LENGTH < noncelen) | ||
| 390 | return MHD_NO; /* This should be impossible, but static analysis | 392 | return MHD_NO; /* This should be impossible, but static analysis |
| 391 | tools have a hard time with it *and* this also | 393 | tools have a hard time with it *and* this also |
| 392 | protects against unsafe modifications that may | 394 | protects against unsafe modifications that may |
| @@ -413,8 +415,9 @@ check_nonce_nc (struct MHD_Connection *connection, | |||
| 413 | if (0 == nc) | 415 | if (0 == nc) |
| 414 | { | 416 | { |
| 415 | /* Fresh nonce, reinitialize array */ | 417 | /* Fresh nonce, reinitialize array */ |
| 416 | strcpy (nn->nonce, | 418 | memcpy (nn->nonce, |
| 417 | nonce); | 419 | nonce, |
| 420 | noncelen); | ||
| 418 | nn->nc = 0; | 421 | nn->nc = 0; |
| 419 | nn->nmask = 0; | 422 | nn->nmask = 0; |
| 420 | MHD_mutex_unlock_chk_ (&daemon->nnc_lock); | 423 | MHD_mutex_unlock_chk_ (&daemon->nnc_lock); |