diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/microhttpd/digestauth.c | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c index ea7bc1c7..d4781406 100644 --- a/src/microhttpd/digestauth.c +++ b/src/microhttpd/digestauth.c | |||
@@ -668,7 +668,7 @@ MHD_digest_auth_check (struct MHD_Connection *connection, | |||
668 | (0 == lookup_sub_value (qop, sizeof (qop), header, "qop")) || | 668 | (0 == lookup_sub_value (qop, sizeof (qop), header, "qop")) || |
669 | ( (0 != strcmp (qop, "auth")) && | 669 | ( (0 != strcmp (qop, "auth")) && |
670 | (0 != strcmp (qop, "")) ) || | 670 | (0 != strcmp (qop, "")) ) || |
671 | (0 == lookup_sub_value (nc, sizeof (nc), header, "nc")) || | 671 | (0 == (len = lookup_sub_value (nc, sizeof (nc), header, "nc")) ) || |
672 | (0 == lookup_sub_value (response, sizeof (response), header, "response")) ) | 672 | (0 == lookup_sub_value (response, sizeof (response), header, "response")) ) |
673 | { | 673 | { |
674 | #ifdef HAVE_MESSAGES | 674 | #ifdef HAVE_MESSAGES |
@@ -677,14 +677,11 @@ MHD_digest_auth_check (struct MHD_Connection *connection, | |||
677 | #endif | 677 | #endif |
678 | return MHD_NO; | 678 | return MHD_NO; |
679 | } | 679 | } |
680 | nci = strtoul (nc, &end, 16); | 680 | if (len != MHD_strx_to_uint64_n_ (nc, len, &nci)) |
681 | if ( ('\0' != *end) || | ||
682 | ( (LONG_MAX == nci) && | ||
683 | (ERANGE == errno) ) ) | ||
684 | { | 681 | { |
685 | #ifdef HAVE_MESSAGES | 682 | #ifdef HAVE_MESSAGES |
686 | MHD_DLOG (connection->daemon, | 683 | MHD_DLOG (connection->daemon, |
687 | "Authentication failed, invalid format.\n"); | 684 | "Authentication failed, invalid nc format.\n"); |
688 | #endif | 685 | #endif |
689 | return MHD_NO; /* invalid nonce format */ | 686 | return MHD_NO; /* invalid nonce format */ |
690 | } | 687 | } |