File bsc854443-part1.patch of Package libmicrohttpd.4786
From 4245c6e9c371a8434b13a37edbc4e6dc239813da Mon Sep 17 00:00:00 2001 From: Christian Grothoff <christian@grothoff.org> Date: Fri, 29 Nov 2013 19:18:51 +0000 Subject: eliminate theoretical stack overflow diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c index 77f6e3b..5cef1cf 100644 --- a/src/microhttpd/digestauth.c +++ b/src/microhttpd/digestauth.c @@ -593,32 +593,42 @@ MHD_digest_auth_check (struct MHD_Connection *connection, { char r[MAX_REALM_LENGTH]; - len = lookup_sub_value(r, + len = lookup_sub_value(r, sizeof (r), - header, "realm"); - if ( (0 == len) || + header, "realm"); + if ( (0 == len) || (0 != strcmp(realm, r)) ) return MHD_NO; left -= strlen ("realm") + len; } - if (0 == (len = lookup_sub_value (nonce, + if (0 == (len = lookup_sub_value (nonce, sizeof (nonce), header, "nonce"))) return MHD_NO; left -= strlen ("nonce") + len; - + if (left > 32 * 1024) { - char uri[left]; - - if (0 == lookup_sub_value(uri, - sizeof (uri), - header, "uri")) + /* we do not permit URIs longer than 32k, as we want to + make sure to not blow our stack (or per-connection + heap memory limit). Besides, 32k is already insanely + large, but of course in theory the + #MHD_OPTION_CONNECTION_MEMORY_LIMIT might be very large + and would thus permit sending a >32k authorization + header value. */ + return MHD_NO; + } + { + char uri[left]; + + if (0 == lookup_sub_value (uri, + sizeof (uri), + header, "uri")) return MHD_NO; - - /* 8 = 4 hexadecimal numbers for the timestamp */ - nonce_time = strtoul(nonce + len - 8, (char **)NULL, 16); - t = (uint32_t) MHD_monotonic_time(); + + /* 8 = 4 hexadecimal numbers for the timestamp */ + nonce_time = strtoul (nonce + len - 8, (char **)NULL, 16); + t = (uint32_t) MHD_monotonic_time(); /* * First level vetting for the nonce validity if the timestamp * attached to the nonce exceeds `nonce_timeout' then the nonce is -- cgit v0.10.2
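Review bot: The new `if (left > 32 * 1024)` guard in front of `char uri[left];` bounds the variable-length array only from above. `left` has just been reduced twice (`left -= strlen ("realm") + len;` and `left -= strlen ("nonce") + len;`), and nothing in the hunk shows that it is still greater than zero when the array is declared. The declaration of `left` is outside the visible lines: if it is a signed type, a negative value passes the guard, and a value of zero yields a zero-length VLA in either case, both of which are undefined behaviour in C. Suggest extending the guard to also `return MHD_NO;` when `left` is zero (or below), and giving the 32k limit a named constant next to `MAX_REALM_LENGTH` so the bound lives in one place. The hunk also mixes whitespace-only changes with the functional one, which makes the actual fix harder to pick out; splitting them into separate commits would help.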