[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] r36834 - libmicrohttpd/src/microhttpd
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] r36834 - libmicrohttpd/src/microhttpd |
|
Date: |
Mon, 18 Jan 2016 21:56:34 +0100 |
Author: grothoff
Date: 2016-01-18 21:56:34 +0100 (Mon, 18 Jan 2016)
New Revision: 36834
Modified:
libmicrohttpd/src/microhttpd/digestauth.c
Log:
add redundant length check to make static checkers happy and to avoid trouble
in the future
Modified: libmicrohttpd/src/microhttpd/digestauth.c
===================================================================
--- libmicrohttpd/src/microhttpd/digestauth.c 2016-01-18 20:48:52 UTC (rev
36833)
+++ libmicrohttpd/src/microhttpd/digestauth.c 2016-01-18 20:56:34 UTC (rev
36834)
@@ -303,7 +303,7 @@
* @param connection The MHD connection structure
* @param nonce A pointer that referenced a zero-terminated array of nonce
* @param nc The nonce counter, zero to add the nonce to the array
- * @return MHD_YES if successful, MHD_NO if invalid (or we have no NC array)
+ * @return #MHD_YES if successful, #MHD_NO if invalid (or we have no NC array)
*/
static int
check_nonce_nc (struct MHD_Connection *connection,
@@ -314,6 +314,11 @@
uint32_t mod;
const char *np;
+ if (MAX_NONCE_LENGTH <= strlen (nonce))
+ return MHD_NO; /* This should be impossible, but static analysis
+ tools have a hard time with it *and* this also
+ protects against unsafe modifications that may
+ happen in the future... */
mod = connection->daemon->nonce_nc_size;
if (0 == mod)
return MHD_NO; /* no array! */
@@ -335,8 +340,8 @@
(void) MHD_mutex_lock_ (&connection->daemon->nnc_lock);
if (0 == nc)
{
- strcpy(connection->daemon->nnc[off].nonce,
- nonce);
+ strcpy (connection->daemon->nnc[off].nonce,
+ nonce);
connection->daemon->nnc[off].nc = 0;
(void) MHD_mutex_unlock_ (&connection->daemon->nnc_lock);
return MHD_YES;
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [GNUnet-SVN] r36834 - libmicrohttpd/src/microhttpd,
gnunet <=