From abe138ee3aaadea496fbdddd23d79fbe40113171 Mon Sep 17 00:00:00 2001 From: "Evgeny Grin (Karlson2k)" Date: Tue, 7 Jun 2022 20:23:18 +0300 Subject: Fixed wrong usage of maximum client nonce size as maximum size of server nonce This also saves some RAM for nonce-nc map array --- src/microhttpd/digestauth.c | 8 ++++---- src/microhttpd/internal.h | 12 ++++++++++-- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c index c3717d47..890fc129 100644 --- a/src/microhttpd/digestauth.c +++ b/src/microhttpd/digestauth.c @@ -751,7 +751,7 @@ check_nonce_nc (struct MHD_Connection *connection, mhd_assert (0 != noncelen); mhd_assert (strlen (nonce) == noncelen); mhd_assert (0 != nc); - if (MAX_NONCE_LENGTH < noncelen) + if (MAX_DIGEST_NONCE_LENGTH < noncelen) return MHD_CHECK_NONCENC_WRONG; /* This should be impossible, but static analysis tools have a hard time with it *and* this also protects against unsafe modifications that may @@ -1010,7 +1010,7 @@ is_slot_available (const struct MHD_NonceNc *const nn, uint64_t timestamp; bool timestamp_valid; mhd_assert (new_nonce_len <= NONCE_STD_LEN (MAX_DIGEST)); - mhd_assert (NONCE_STD_LEN (MAX_DIGEST) < MAX_NONCE_LENGTH); + mhd_assert (NONCE_STD_LEN (MAX_DIGEST) <= MAX_DIGEST_NONCE_LENGTH); if (0 == nn->nonce[0]) return true; /* The slot is empty */ @@ -1071,7 +1071,7 @@ calculate_add_nonce (struct MHD_Connection *const connection, const size_t nonce_size = NONCE_STD_LEN (digest_get_size (da)); bool ret; - mhd_assert (MAX_NONCE_LENGTH >= nonce_size); + mhd_assert (MAX_DIGEST_NONCE_LENGTH >= nonce_size); mhd_assert (0 != nonce_size); calculate_nonce (timestamp, @@ -1427,7 +1427,7 @@ digest_auth_check_all (struct MHD_Connection *connection, unsigned int nonce_timeout) { struct MHD_Daemon *daemon = MHD_get_master (connection->daemon); - char cnonce[MAX_NONCE_LENGTH]; + char cnonce[MAX_CLIENT_NONCE_LENGTH]; const unsigned int digest_size = digest_get_size (da); char ha1[VLA_ARRAY_LEN_DIGEST (digest_size) * 2 + 1]; char qop[15]; /* auth,auth-int */ diff --git a/src/microhttpd/internal.h b/src/microhttpd/internal.h index 4f03b8fc..92fa932b 100644 --- a/src/microhttpd/internal.h +++ b/src/microhttpd/internal.h @@ -240,8 +240,16 @@ enum MHD_ConnectionEventLoopInfo * (already) takes more (see Mantis #1633), so we've increased the * value to support something longer... */ -#define MAX_NONCE_LENGTH 129 +#define MAX_CLIENT_NONCE_LENGTH 129 +/** + * The maximum size of MHD-generated nonce when printed with hexadecimal chars. + * + * This is equal to "(32 bytes for SHA-256 nonce plus 6 bytes for timestamp) + * multiplied by two hex chars per byte". + * Please keep it in sync with digestauth.c + */ +#define MAX_DIGEST_NONCE_LENGTH ((32 + 6) * 2) /** * A structure representing the internal holder of the @@ -269,7 +277,7 @@ struct MHD_NonceNc /** * Nonce value: */ - char nonce[MAX_NONCE_LENGTH + 1]; + char nonce[MAX_DIGEST_NONCE_LENGTH + 1]; }; -- cgit v1.2.3