[GNUnet-SVN] r37032 - libmicrohttpd/src/microhttpd


From: gnunet
Subject: [GNUnet-SVN] r37032 - libmicrohttpd/src/microhttpd
Date: Tue, 12 Apr 2016 16:36:14 +0200

Author: Karlson2k
Date: 2016-04-12 16:36:14 +0200 (Tue, 12 Apr 2016)
New Revision: 37032

Modified:
   libmicrohttpd/src/microhttpd/digestauth.c
Log:
MHD_digest_auth_check(): decode timestamp value by internal function, added 
error checking,
added buffer overrun checking.
digest auth now should be more secure

Modified: libmicrohttpd/src/microhttpd/digestauth.c
===================================================================
--- libmicrohttpd/src/microhttpd/digestauth.c   2016-04-12 14:36:11 UTC (rev 
37031)
+++ libmicrohttpd/src/microhttpd/digestauth.c   2016-04-12 14:36:14 UTC (rev 
37032)
@@ -619,7 +619,15 @@
        header value. */
     return MHD_NO;
   }
-  nonce_time = strtoul (nonce + len - TIMESTAMP_HEX_LEN, (char **)NULL, 16);
+  if (TIMESTAMP_HEX_LEN != MHD_strx_to_uint32_n_ (nonce + len - 
TIMESTAMP_HEX_LEN,
+                                                  TIMESTAMP_HEX_LEN, 
&nonce_time))
+    {
+#ifdef HAVE_MESSAGES
+      MHD_DLOG (connection->daemon,
+                "Authentication failed, invalid timestamp format.\n");
+#endif
+      return MHD_NO;
+    }
   t = (uint32_t) MHD_monotonic_sec_counter();
   /*
    * First level vetting for the nonce validity: if the timestamp
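
Review bot: the new call passes `&nonce_time` to `MHD_strx_to_uint32_n_`, but the declaration of `nonce_time` is outside this hunk, and the removed line assigned it from `strtoul`, which returns `unsigned long`. If the variable is still declared `unsigned long`, the pointer type does not match the 32-bit output the function name indicates, and on LP64 targets only part of the object would be written; the declaration should become `uint32_t` in this same commit, which would also match the `(uint32_t)` cast applied to `t` just below. Separately, `nonce + len - TIMESTAMP_HEX_LEN` stays in bounds only if the check ending in `return MHD_NO;` above the call guarantees `len >= TIMESTAMP_HEX_LEN`; a one-line comment at the call stating that precondition would let a reader confirm the "buffer overrun checking" mentioned in the log from the code itself. Requiring the return value to equal `TIMESTAMP_HEX_LEN` is the right strictness here, since `strtoul` with base 16 accepts leading whitespace, a sign and a `0x` prefix, and stops silently at the first non-hex character.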



