gnunet-svn
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[libmicrohttpd] branch master updated (2de47d20 -> 8e4eba0e)

From: gnunet
Subject: [libmicrohttpd] branch master updated (2de47d20 -> 8e4eba0e)
Date: Thu, 23 Jun 2022 21:14:38 +0200 
This is an automated email from the git hooks/post-receive script.

karlson2k pushed a change to branch master
in repository libmicrohttpd.

    from 2de47d20 digestauth: use size_t for counting headers
     new b41fedd5 digestauth: use pre-calculated URI length to avoid stop at 
first binary zero
     new 8e4eba0e digestauth: use GET parameters in digest calculation

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 src/microhttpd/digestauth.c | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index 41a016df..1e25fa4a 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -929,12 +929,15 @@ calculate_nonce (uint64_t nonce_time,
                  const char *rnd,
                  size_t rnd_size,
                  const char *uri,
+                 size_t uri_len,
+                 struct MHD_HTTP_Req_Header *first_header,
                  const char *realm,
                  size_t realm_len,
                  struct DigestAlgorithm *da,
                  char *nonce)
 {
   uint8_t timestamp[TIMESTAMP_BIN_SIZE];
+  struct MHD_HTTP_Req_Header *h;
 
   digest_init (da);
   /* If the nonce_time is milliseconds, then the same 48 bit value will repeat
@@ -969,7 +972,18 @@ calculate_nonce (uint64_t nonce_time,
                  1);
   digest_update (da,
                  (const unsigned char *) uri,
-                 strlen (uri));
+                 uri_len);
+  for (h = first_header; NULL != h; h = h->next)
+  {
+    if (MHD_GET_ARGUMENT_KIND != h->kind)
+      continue;
+    digest_update (da, (const uint8_t *) "##", 3);
+    if (0 != h->header_size)
+      digest_update (da, (const uint8_t *) h->header, h->header_size);
+    digest_update (da, (const uint8_t *) "#", 2);
+    if (0 != h->value_size)
+      digest_update (da, (const uint8_t *) h->value, h->value_size);
+  }
   digest_update (da,
                  (const unsigned char *) ":",
                  1);
@@ -1079,6 +1093,8 @@ calculate_add_nonce (struct MHD_Connection *const 
connection,
                    daemon->digest_auth_random,
                    daemon->digest_auth_rand_size,
                    connection->url,
+                   connection->url_len,
+                   connection->headers_received,
                    realm,
                    realm_len,
                    da,
@@ -1590,6 +1606,8 @@ digest_auth_check_all_inner (struct MHD_Connection 
*connection,
                    daemon->digest_auth_random,
                    daemon->digest_auth_rand_size,
                    connection->url,
+                   connection->url_len,
+                   connection->headers_received,
                    realm,
                    realm_len,
                    da,

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]