[GNUnet-SVN] r14203 - in libmicrohttpd: . src/daemon


From: gnunet
Subject: [GNUnet-SVN] r14203 - in libmicrohttpd: . src/daemon
Date: Wed, 19 Jan 2011 00:00:03 +0100

Author: grothoff
Date: 2011-01-19 00:00:02 +0100 (Wed, 19 Jan 2011)
New Revision: 14203

Modified:
   libmicrohttpd/AUTHORS
   libmicrohttpd/ChangeLog
   libmicrohttpd/src/daemon/digestauth.c
Log:
[libmicrohttpd] [digest-auth]: bug in hash algorithm
From: Andreas Wehrmann <address@hidden>
To: address@hidden
Date: Today 08:58:43 am
   
Hello!

I wrote a little test page that I deliver using libmicrohttpd using
digest authentication.
The test page consists of four files (framed page + image file).
When I initially connected to the webserver via the browser it correctly
challenged me for my credentials. However, after entering the username
and password the index file got loaded but it happened that the browser
then challenged me again for each additional file to be loaded.
Since this is very annoying I tried increasing the nonce table size to 3000
(was default) but it was no good.
I then dug a little deeper and found out that the hash algorithm to
determine the index for a given nonce always returned zero, thus
overwriting other nonces.
The offending line is at check_nonce_nc() in digestauth.c:313:

off = (off << 8) | (*np & (off >> 24));

whereas it should be:

off = (off << 8) | (*np ^ (off >> 24));

Since "off" is initialized with zero and an unsigned integer
a logical AND returns zero which is not right obviously.
After this fix, the server challenged me only once and I got "random" 
indices.
I found the problem in libmicrohttpd 0.9.5.

Best regards,
Andreas Wehrmann

-- 
Dipl.-Ing. (FH) Andreas Wehrmann
Software Development
--------------------------------------------------------------
Center Communication Systems GmbH
A-1210 Wien, Ignaz-Köck-Straße 19
Sitz in Wien
FN 796 88p, Firmenbuchgericht Wien
www.centersystems.com

Tel.: +43 (0) 190 199 - 3616
Mobile: +43 (0) 664 884 75916
Fax: +43 (0) 190 199 - 2110
E-Mail: address@hidden
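
The behaviour described in the report above, as an added example (not code from libmicrohttpd or from the reporter): both forms of the line are run over constructed nonce strings and the number of table slots they occupy is counted. The 32-bit width of `off`, the table size of 256 and the helper names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

#define TABLE_SIZE 256u   /* constructed table size, not the library's */

/* Index computation before r14203 (the '-' line of the diff). */
static unsigned int slot_before(const char *nonce, unsigned int mod)
{
  const unsigned char *np = (const unsigned char *) nonce;
  uint32_t off = 0;   /* assumption: 32-bit unsigned, as ">> 24" implies */
  for (; *np != '\0'; np++)
    off = (off << 8) | (*np & (off >> 24));   /* off stays 0 forever */
  return off % mod;
}

/* Index computation after r14203 (the '+' line of the diff). */
static unsigned int slot_after(const char *nonce, unsigned int mod)
{
  const unsigned char *np = (const unsigned char *) nonce;
  uint32_t off = 0;
  for (; *np != '\0'; np++)
    off = (off << 8) | (*np ^ (off >> 24));   /* fold top byte back in */
  return off % mod;
}

/* Count how many different table slots a set of nonces occupies. */
static unsigned int distinct_slots(unsigned int (*slot)(const char *, unsigned int),
                                   const char *const *nonces, size_t n)
{
  unsigned char used[TABLE_SIZE] = { 0 };
  unsigned int count = 0;
  for (size_t i = 0; i < n; i++)
    {
      unsigned int s = slot(nonces[i], TABLE_SIZE);
      if (!used[s]) { used[s] = 1; count++; }
    }
  return count;
}

/* Constructed nonce strings (not real server nonces). */
static const char *const sample_nonces[] = {
  "5f3a91c0", "5f3a91c1", "77b2e4d9", "0c44aa17"
};

int main(void)
{
  printf("before: %u slot(s), after: %u slot(s)\n",
         distinct_slots(slot_before, sample_nonces, 4),
         distinct_slots(slot_after, sample_nonces, 4));
  return 0;
}
```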


Modified: libmicrohttpd/AUTHORS
===================================================================
--- libmicrohttpd/AUTHORS       2011-01-18 18:39:48 UTC (rev 14202)
+++ libmicrohttpd/AUTHORS       2011-01-18 23:00:02 UTC (rev 14203)
@@ -28,6 +28,7 @@
 Piotr Grzybowski <address@hidden>
 Gerrit Telkamp <address@hidden>
 Erik Slagter <address@hidden>
+Andreas Wehrmann <address@hidden>
 
 Documentation contributions also came from:
 Marco Maggi <address@hidden>

Modified: libmicrohttpd/ChangeLog
===================================================================
--- libmicrohttpd/ChangeLog     2011-01-18 18:39:48 UTC (rev 14202)
+++ libmicrohttpd/ChangeLog     2011-01-18 23:00:02 UTC (rev 14203)
@@ -1,3 +1,8 @@
+Tue Jan 18 23:58:09 CET 2011
+       Fixing hash calculation in digest auth; old function had
+       collisions causing the browser to challenge users for
+       authentication too often. -CG/AW
+
 Fri Jan 14 19:19:45 CET 2011
        Removing dead code, adding missing new symbols to export list.
        Fixed two missing NULL checks after malloc operations. -CG
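Review bot: the new ChangeLog entry says the old function "had collisions" but does not name the function or file, and per the report it returned index zero for every nonce. Suggest wording such as "check_nonce_nc() in digestauth.c always computed index 0" so the entry can be matched to the code change.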

Modified: libmicrohttpd/src/daemon/digestauth.c
===================================================================
--- libmicrohttpd/src/daemon/digestauth.c       2011-01-18 18:39:48 UTC (rev 
14202)
+++ libmicrohttpd/src/daemon/digestauth.c       2011-01-18 23:00:02 UTC (rev 
14203)
@@ -310,7 +310,7 @@
   np = nonce;
   while (*np != '\0')
     {
-      off = (off << 8) | (*np & (off >> 24));
+      off = (off << 8) | (*np ^ (off >> 24));
       np++;
     }
   off = off % mod;
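
Review bot: the corrected line `off = (off << 8) | (*np ^ (off >> 24));` in the `while` loop still has no comment saying what it computes, and nothing in this change tests it, which is how a hash that always yielded index 0 went unnoticed. Suggest a one-line comment (the byte shifted out of the top is XORed into the incoming byte) and a test that checks several nonces land in different slots. Two smaller points on the same lines: `off >> 24` assumes `off` is exactly 32 bits wide, and if `np` points to plain `char`, casting `*np` to `unsigned char` before the XOR avoids sign extension setting the upper bits on bytes >= 0x80. The closing `off = off % mod;` also relies on `mod` being non-zero, which is worth asserting or documenting if it is not checked earlier in the function.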



