
[libmicrohttpd] 09/15: Digest: check whether all required parameters are


From: gnunet
Subject: [libmicrohttpd] 09/15: Digest: check whether all required parameters are present before doing heavy calculations
Date: Tue, 19 Jul 2022 16:51:17 +0200

This is an automated email from the git hooks/post-receive script.

karlson2k pushed a commit to branch master
in repository libmicrohttpd.

commit c8a549bf4c095728c6f3354f58436986f2887b7f
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
AuthorDate: Mon Jul 18 13:56:57 2022 +0300

    Digest: check whether all required parameters are present before doing 
heavy calculations
---
 src/microhttpd/digestauth.c | 79 ++++++++++++++++++++++++---------------------
 1 file changed, 43 insertions(+), 36 deletions(-)

diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index 0ffde90b..5361cdb2 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -2120,31 +2120,64 @@ digest_auth_check_all_inner (struct MHD_Connection 
*connection,
   if (NULL == params)
     return MHD_DAUTH_WRONG_HEADER;
 
-  /* Check 'username' */
+  /* A quick check for presence of all required parameters */
   if (NULL == params->username.value.str)
     return MHD_DAUTH_WRONG_HEADER;
 
+  if (NULL == params->realm.value.str)
+    return MHD_DAUTH_WRONG_HEADER;
+
+  if (NULL == params->nonce.value.str)
+    return MHD_DAUTH_WRONG_HEADER;
+  else if (0 == params->nonce.value.len)
+    return MHD_DAUTH_NONCE_WRONG;
+  else if (NONCE_STD_LEN (digest_size) * 2 < params->nonce.value.len)
+    return MHD_DAUTH_NONCE_WRONG;
+
+  if (NULL == params->cnonce.value.str)
+    return MHD_DAUTH_WRONG_HEADER;
+  else if (0 == params->cnonce.value.len)
+    return MHD_DAUTH_WRONG_HEADER;
+
+  if (NULL == params->qop.value.str)
+    return MHD_DAUTH_WRONG_HEADER;
+  else if (0 == params->qop.value.len)
+    return MHD_DAUTH_WRONG_QOP;
+  else if (MHD_STATICSTR_LEN_ ("auth-int") * 2 < params->qop.value.len)
+    return MHD_DAUTH_WRONG_QOP;
+
+  if (NULL == params->nc.value.str)
+    return MHD_DAUTH_WRONG_HEADER;
+  else if (0 == params->nc.value.len)
+    return MHD_DAUTH_WRONG_HEADER;
+  else if (4 * 8 < params->nc.value.len) /* Four times more than needed */
+    return MHD_DAUTH_WRONG_HEADER;
+
+  if (NULL == params->response.value.str)
+    return MHD_DAUTH_WRONG_HEADER;
+  else if (0 == params->response.value.len)
+    return MHD_DAUTH_RESPONSE_WRONG;
+  else if (digest_size * 4 < params->response.value.len)
+    return MHD_DAUTH_RESPONSE_WRONG;
+
+  if (NULL == params->uri.value.str)
+    return MHD_DAUTH_WRONG_HEADER;
+  else if (0 == params->uri.value.len)
+    return MHD_DAUTH_WRONG_URI;
+
+  /* Check 'username' */
   username_len = strlen (username);
   if (! is_param_equal (&params->username, username, username_len))
     return MHD_DAUTH_WRONG_USERNAME;
   /* 'username' valid */
 
   /* Check 'realm' */
-  if (NULL == params->realm.value.str)
-    return MHD_DAUTH_WRONG_HEADER;
   realm_len = strlen (realm);
   if (! is_param_equal (&params->realm, realm, realm_len))
     return MHD_DAUTH_WRONG_REALM;
   /* 'realm' valid */
 
   /* Check 'nonce' */
-  if (NULL == params->nonce.value.str)
-    return MHD_DAUTH_WRONG_HEADER;
-  else if (0 == params->nonce.value.len)
-    return MHD_DAUTH_NONCE_WRONG;
-  else if (NONCE_STD_LEN (digest_size) * 2 < params->nonce.value.len)
-    return MHD_DAUTH_NONCE_WRONG;
-
   unq_res = get_unquoted_param (&params->nonce, tmp1, ptmp2, &tmp2_size,
                                 &unquoted);
   if (_MHD_UNQ_OK != unq_res)
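Review bot: The over-long `nc` branch in the new pre-check block returns `MHD_DAUTH_WRONG_HEADER`, while the removed copy of the same test returned `MHD_DAUTH_NONCE_WRONG`. This is a caller-visible result change inside a commit described only as moving checks earlier, so it deserves a line in the commit message or a comment such as `/* an over-long 'nc' is a malformed header, not a bad nonce */`. Because every presence test now runs before the `username` and `realm` comparisons, a request with a wrong username and a missing parameter yields `MHD_DAUTH_WRONG_HEADER` rather than `MHD_DAUTH_WRONG_USERNAME`; applications that log or rate-limit failed logins by result code should be told about that in the function's documentation. The length caps use three different unexplained multipliers (`* 2`, `4 * 8`, `digest_size * 4`); presumably they leave room for backslash-quoting in the raw value, and a single comment above the block, e.g. `/* lengths are of the raw, still-quoted values, hence the generous upper bounds */`, would make that explicit if confirmed. The body of `digest_auth_check_all_inner` starts before and continues past this hunk, so the effect on the later steps is not visible here.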
@@ -2195,10 +2228,6 @@ digest_auth_check_all_inner (struct MHD_Connection 
*connection,
   /* 'nonce' valid */
 
   /* Get 'cnonce' */
-  if (NULL == params->cnonce.value.str)
-    return MHD_DAUTH_WRONG_HEADER;
-  else if (0 == params->cnonce.value.len)
-    return MHD_DAUTH_WRONG_HEADER;
   unq_res = get_unquoted_param (&params->cnonce, tmp1, ptmp2, &tmp2_size,
                                 &unquoted);
   if (_MHD_UNQ_OK != unq_res)
@@ -2214,12 +2243,6 @@ digest_auth_check_all_inner (struct MHD_Connection 
*connection,
   /* Got 'cnonce' */
 
   /* Get 'qop' */
-  if (NULL == params->qop.value.str)
-    return MHD_DAUTH_WRONG_HEADER;
-  else if (0 == params->qop.value.len)
-    return MHD_DAUTH_WRONG_QOP;
-  else if (MHD_STATICSTR_LEN_ ("auth-int") * 2 < params->qop.value.len)
-    return MHD_DAUTH_WRONG_QOP;
   unq_res = get_unquoted_param (&params->qop, tmp1, ptmp2, &tmp2_size,
                                 &unquoted);
   if (_MHD_UNQ_OK != unq_res)
@@ -2238,12 +2261,6 @@ digest_auth_check_all_inner (struct MHD_Connection 
*connection,
   /* Got 'qop' */
 
   /* Get 'nc' */
-  if (NULL == params->nc.value.str)
-    return MHD_DAUTH_WRONG_HEADER;
-  else if (0 == params->nc.value.len)
-    return MHD_DAUTH_WRONG_HEADER;
-  else if (4 * 8 < params->nc.value.len) /* Four time more than needed */
-    return MHD_DAUTH_NONCE_WRONG;
   unq_res = get_unquoted_param (&params->nc, tmp1, ptmp2, &tmp2_size,
                                 &unquoted);
   if (_MHD_UNQ_OK != unq_res)
@@ -2275,12 +2292,6 @@ digest_auth_check_all_inner (struct MHD_Connection 
*connection,
   /* Got 'nc' */
 
   /* Get 'response' */
-  if (NULL == params->response.value.str)
-    return MHD_DAUTH_WRONG_HEADER;
-  else if (0 == params->response.value.len)
-    return MHD_DAUTH_RESPONSE_WRONG;
-  else if (digest_size * 4 < params->response.value.len)
-    return MHD_DAUTH_RESPONSE_WRONG;
   unq_res = get_unquoted_param (&params->response, tmp1, ptmp2, &tmp2_size,
                                 &unquoted);
   if (_MHD_UNQ_OK != unq_res)
@@ -2332,10 +2343,6 @@ digest_auth_check_all_inner (struct MHD_Connection 
*connection,
   }
 
   /* Get 'uri' */
-  if (NULL == params->uri.value.str)
-    return MHD_DAUTH_WRONG_HEADER;
-  else if (0 == params->uri.value.len)
-    return MHD_DAUTH_WRONG_URI;
   unq_res = get_unquoted_param_copy (&params->uri, tmp1, ptmp2, &tmp2_size,
                                      &unq_copy);
   if (_MHD_UNQ_OK != unq_res)

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


