File bsc854443-part1.patch of Package libmicrohttpd

From 4245c6e9c371a8434b13a37edbc4e6dc239813da Mon Sep 17 00:00:00 2001
From: Christian Grothoff <christian@grothoff.org>
Date: Fri, 29 Nov 2013 19:18:51 +0000
Subject: eliminate theoretical stack overflow


diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index 77f6e3b..5cef1cf 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -593,32 +593,42 @@ MHD_digest_auth_check (struct MHD_Connection *connection,
   {
     char r[MAX_REALM_LENGTH];
 
-    len = lookup_sub_value(r, 
+    len = lookup_sub_value(r,
 			   sizeof (r),
-			   header, "realm");  
-    if ( (0 == len) || 
+			   header, "realm");
+    if ( (0 == len) ||
 	 (0 != strcmp(realm, r)) )
       return MHD_NO;
     left -= strlen ("realm") + len;
   }
 
-  if (0 == (len = lookup_sub_value (nonce, 
+  if (0 == (len = lookup_sub_value (nonce,
 				    sizeof (nonce),
 				    header, "nonce")))
     return MHD_NO;
   left -= strlen ("nonce") + len;
-
+  if (left > 32 * 1024)
   {
-    char uri[left];  
-  
-    if (0 == lookup_sub_value(uri,
-			      sizeof (uri),
-			      header, "uri")) 
+    /* we do not permit URIs longer than 32k, as we want to
+       make sure to not blow our stack (or per-connection
+       heap memory limit).  Besides, 32k is already insanely
+       large, but of course in theory the
+       #MHD_OPTION_CONNECTION_MEMORY_LIMIT might be very large
+       and would thus permit sending a >32k authorization
+       header value. */
+    return MHD_NO;
+  }
+  {
+    char uri[left];
+
+    if (0 == lookup_sub_value (uri,
+                               sizeof (uri),
+                               header, "uri"))
       return MHD_NO;
-      
-    /* 8 = 4 hexadecimal numbers for the timestamp */  
-    nonce_time = strtoul(nonce + len - 8, (char **)NULL, 16);  
-    t = (uint32_t) MHD_monotonic_time();    
+
+    /* 8 = 4 hexadecimal numbers for the timestamp */
+    nonce_time = strtoul (nonce + len - 8, (char **)NULL, 16);
+    t = (uint32_t) MHD_monotonic_time();
     /*
      * First level vetting for the nonce validity if the timestamp
      * attached to the nonce exceeds `nonce_timeout' then the nonce is
-- 
cgit v0.10.2