From 661a5ee03c1ff438edd46994653c8a5fa3cd075e Mon Sep 17 00:00:00 2001
From: "Evgeny Grin (Karlson2k)" <k2k@narod.ru>
Date: Tue, 12 Apr 2016 14:36:16 +0000
Subject: MHD_digest_auth_check(): used internal function to decode nc, fixed
 incorrect check (should be 'ULONG_MAX', not 'LONG_MAX'), new check is more
 strict. Function should be more secure now.

---
 src/microhttpd/digestauth.c | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index ea7bc1c7..d4781406 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -668,7 +668,7 @@ MHD_digest_auth_check (struct MHD_Connection *connection,
        (0 == lookup_sub_value (qop, sizeof (qop), header, "qop")) ||
        ( (0 != strcmp (qop, "auth")) &&
          (0 != strcmp (qop, "")) ) ||
-       (0 == lookup_sub_value (nc, sizeof (nc), header, "nc"))  ||
+       (0 == (len = lookup_sub_value (nc, sizeof (nc), header, "nc")) )  ||
        (0 == lookup_sub_value (response, sizeof (response), header, "response")) )
     {
 #ifdef HAVE_MESSAGES
@@ -677,14 +677,11 @@ MHD_digest_auth_check (struct MHD_Connection *connection,
 #endif
       return MHD_NO;
     }
-  nci = strtoul (nc, &end, 16);
-  if ( ('\0' != *end) ||
-       ( (LONG_MAX == nci) &&
-         (ERANGE == errno) ) )
+  if (len != MHD_strx_to_uint64_n_ (nc, len, &nci))
     {
 #ifdef HAVE_MESSAGES
       MHD_DLOG (connection->daemon,
-		"Authentication failed, invalid format.\n");
+		"Authentication failed, invalid nc format.\n");
 #endif
       return MHD_NO; /* invalid nonce format */
     }
-- 
cgit v1.2.3