[GNUnet-SVN] r37032 - libmicrohttpd/src/microhttpd
From: gnunet
Subject: [GNUnet-SVN] r37032 - libmicrohttpd/src/microhttpd
Date: Tue, 12 Apr 2016 16:36:14 +0200
Author: Karlson2k
Date: 2016-04-12 16:36:14 +0200 (Tue, 12 Apr 2016)
New Revision: 37032
Modified:
libmicrohttpd/src/microhttpd/digestauth.c
Log:
MHD_digest_auth_check(): decode timestamp value by internal function, added
error checking,
added buffer overrun checking.
digest auth now should be more secure
Modified: libmicrohttpd/src/microhttpd/digestauth.c
===================================================================
--- libmicrohttpd/src/microhttpd/digestauth.c 2016-04-12 14:36:11 UTC (rev
37031)
+++ libmicrohttpd/src/microhttpd/digestauth.c 2016-04-12 14:36:14 UTC (rev
37032)
@@ -619,7 +619,15 @@
header value. */
return MHD_NO;
}
- nonce_time = strtoul (nonce + len - TIMESTAMP_HEX_LEN, (char **)NULL, 16);
+ if (TIMESTAMP_HEX_LEN != MHD_strx_to_uint32_n_ (nonce + len -
TIMESTAMP_HEX_LEN,
+ TIMESTAMP_HEX_LEN,
&nonce_time))
+ {
+#ifdef HAVE_MESSAGES
+ MHD_DLOG (connection->daemon,
+ "Authentication failed, invalid timestamp format.\n");
+#endif
+ return MHD_NO;
+ }
t = (uint32_t) MHD_monotonic_sec_counter();
/*
* First level vetting for the nonce validity: if the timestamp
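Review bot: The new MHD_strx_to_uint32_n_ call takes &nonce_time as its output pointer, but the declaration of nonce_time is not touched in this hunk. If it is still the unsigned long that held the strtoul result, the pointer type will not match a 32-bit output parameter, so please confirm it is declared uint32_t, which would also match the (uint32_t) cast on t in the following line. Separately, the pointer expression nonce + len - TIMESTAMP_HEX_LEN is only safe when len is at least TIMESTAMP_HEX_LEN. The early return MHD_NO just above is only partly visible here, so it would help to state in a comment, or in the commit log where "buffer overrun checking" is mentioned, which check guarantees that bound. Comparing the return value against TIMESTAMP_HEX_LEN is a good tightening over strtoul, since it rejects a timestamp field containing any character that is not a hex digit rather than silently parsing a prefix.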