pass buf size to li_tohex()
also change passing of fixed-sized arrays: need to pass pointer to array as otherwise size does not get enforced From: Glenn Strauss <gstrauss@gluelogic.com> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3135 152afb58-edef-0310-8abb-c4023f1b3aa9
This commit is contained in:
parent
dac02e257c
commit
e5006d88eb
1
NEWS
1
NEWS
|
|
@ -58,6 +58,7 @@ NEWS
|
|||
* [stat] mimetype.xattr-name global config option (fixes #2631)
|
||||
* [mod_webdav] allow Depth: Infinity lock on file (fixes #2296)
|
||||
* [mod_status] use snprintf() instead of sprintf()
|
||||
* pass buf size to li_tohex()
|
||||
|
||||
- 1.4.39 - 2016-01-02
|
||||
* [core] fix memset_s call (fixes #2698)
|
||||
|
|
|
|||
|
|
@ -487,8 +487,10 @@ int buffer_is_equal_right_len(const buffer *b1, const buffer *b2, size_t len) {
|
|||
return 0 == memcmp(b1->ptr + b1->used - 1 - len, b2->ptr + b2->used - 1 - len, len);
|
||||
}
|
||||
|
||||
void li_tohex(char *buf, const char *s, size_t s_len) {
|
||||
void li_tohex(char *buf, size_t buf_len, const char *s, size_t s_len) {
|
||||
size_t i;
|
||||
force_assert(2 * s_len > s_len);
|
||||
force_assert(2 * s_len < buf_len);
|
||||
|
||||
for (i = 0; i < s_len; i++) {
|
||||
buf[2*i] = hex_chars[(s[i] >> 4) & 0x0F];
|
||||
|
|
@ -502,7 +504,7 @@ void buffer_copy_string_hex(buffer *b, const char *in, size_t in_len) {
|
|||
force_assert(in_len * 2 > in_len);
|
||||
|
||||
buffer_string_set_length(b, 2 * in_len);
|
||||
li_tohex(b->ptr, in, in_len);
|
||||
li_tohex(b->ptr, buffer_string_space(b)+1, in, in_len);
|
||||
}
|
||||
|
||||
/* everything except: ! ( ) * - . 0-9 A-Z _ a-z ~ */
|
||||
|
|
|
|||
|
|
@ -101,7 +101,7 @@ void li_utostrn(char *buf, size_t buf_len, uintmax_t val);
|
|||
void li_utostr(char *buf, uintmax_t val); /* buf must have at least LI_ITOSTRING_LENGTH bytes */
|
||||
|
||||
/* buf must be (at least) 2*s_len + 1 big. uses lower-case hex letters. */
|
||||
void li_tohex(char *buf, const char *s, size_t s_len);
|
||||
void li_tohex(char *buf, size_t buf_len, const char *s, size_t s_len);
|
||||
|
||||
char * buffer_search_string_len(buffer *b, const char *needle, size_t len);
|
||||
|
||||
|
|
|
|||
|
|
@ -44,10 +44,11 @@
|
|||
typedef unsigned char HASH[HASHLEN];
|
||||
typedef char HASHHEX[HASHHEXLEN+1];
|
||||
|
||||
static void CvtHex(const HASH Bin, char Hex[33]) {
|
||||
li_tohex(Hex, (const char*) Bin, 16);
|
||||
static void CvtHex(const HASH Bin, char (*Hex)[33]) {
|
||||
li_tohex(*Hex, sizeof(*Hex), (const char*) Bin, 16);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* the $apr1$ handling is taken from apache 1.3.x
|
||||
*/
|
||||
|
|
@ -541,7 +542,7 @@ static int http_auth_basic_password_compare(server *srv, mod_auth_plugin_data *p
|
|||
|
||||
li_MD5_CTX Md5Ctx;
|
||||
HASH HA1;
|
||||
char a1[256];
|
||||
char a1[33];
|
||||
|
||||
li_MD5_Init(&Md5Ctx);
|
||||
li_MD5_Update(&Md5Ctx, CONST_BUF_LEN(username));
|
||||
|
|
@ -551,7 +552,7 @@ static int http_auth_basic_password_compare(server *srv, mod_auth_plugin_data *p
|
|||
li_MD5_Update(&Md5Ctx, (unsigned char *)pw, strlen(pw));
|
||||
li_MD5_Final(HA1, &Md5Ctx);
|
||||
|
||||
CvtHex(HA1, a1);
|
||||
CvtHex(HA1, &a1);
|
||||
|
||||
if (0 == strcmp(password->ptr, a1)) {
|
||||
return 0;
|
||||
|
|
@ -819,8 +820,8 @@ typedef struct {
|
|||
|
||||
/* return values: -1: error/bad request, 0: failed, 1: success */
|
||||
int http_auth_digest_check(server *srv, connection *con, mod_auth_plugin_data *p, array *req, const char *realm_str) {
|
||||
char a1[256];
|
||||
char a2[256];
|
||||
char a1[33];
|
||||
char a2[33];
|
||||
|
||||
char *username = NULL;
|
||||
char *realm = NULL;
|
||||
|
|
@ -1008,8 +1009,8 @@ int http_auth_digest_check(server *srv, connection *con, mod_auth_plugin_data *p
|
|||
strcasecmp(algorithm, "md5-sess") == 0) {
|
||||
li_MD5_Init(&Md5Ctx);
|
||||
/* Errata ID 1649: http://www.rfc-editor.org/errata_search.php?rfc=2617 */
|
||||
CvtHex(HA1, a1);
|
||||
li_MD5_Update(&Md5Ctx, (unsigned char *)a1, 32);
|
||||
CvtHex(HA1, &a1);
|
||||
li_MD5_Update(&Md5Ctx, (unsigned char *)a1, HASHHEXLEN);
|
||||
li_MD5_Update(&Md5Ctx, CONST_STR_LEN(":"));
|
||||
li_MD5_Update(&Md5Ctx, (unsigned char *)nonce, strlen(nonce));
|
||||
li_MD5_Update(&Md5Ctx, CONST_STR_LEN(":"));
|
||||
|
|
@ -1017,7 +1018,7 @@ int http_auth_digest_check(server *srv, connection *con, mod_auth_plugin_data *p
|
|||
li_MD5_Final(HA1, &Md5Ctx);
|
||||
}
|
||||
|
||||
CvtHex(HA1, a1);
|
||||
CvtHex(HA1, &a1);
|
||||
|
||||
/* calculate H(A2) */
|
||||
li_MD5_Init(&Md5Ctx);
|
||||
|
|
@ -1032,7 +1033,7 @@ int http_auth_digest_check(server *srv, connection *con, mod_auth_plugin_data *p
|
|||
}
|
||||
*/
|
||||
li_MD5_Final(HA2, &Md5Ctx);
|
||||
CvtHex(HA2, HA2Hex);
|
||||
CvtHex(HA2, &HA2Hex);
|
||||
|
||||
/* calculate response */
|
||||
li_MD5_Init(&Md5Ctx);
|
||||
|
|
@ -1050,7 +1051,7 @@ int http_auth_digest_check(server *srv, connection *con, mod_auth_plugin_data *p
|
|||
};
|
||||
li_MD5_Update(&Md5Ctx, (unsigned char *)HA2Hex, HASHHEXLEN);
|
||||
li_MD5_Final(RespHash, &Md5Ctx);
|
||||
CvtHex(RespHash, a2);
|
||||
CvtHex(RespHash, &a2);
|
||||
|
||||
if (0 != strcmp(a2, respons)) {
|
||||
/* digest not ok */
|
||||
|
|
@ -1090,7 +1091,7 @@ int http_auth_digest_check(server *srv, connection *con, mod_auth_plugin_data *p
|
|||
}
|
||||
|
||||
|
||||
int http_auth_digest_generate_nonce(server *srv, mod_auth_plugin_data *p, buffer *fn, char out[33]) {
|
||||
int http_auth_digest_generate_nonce(server *srv, mod_auth_plugin_data *p, buffer *fn, char (*out)[33]) {
|
||||
HASH h;
|
||||
li_MD5_CTX Md5Ctx;
|
||||
char hh[LI_ITOSTRING_LENGTH];
|
||||
|
|
|
|||
|
|
@ -69,7 +69,7 @@ typedef struct {
|
|||
|
||||
int http_auth_basic_check(server *srv, connection *con, mod_auth_plugin_data *p, array *req, const char *realm_str);
|
||||
int http_auth_digest_check(server *srv, connection *con, mod_auth_plugin_data *p, array *req, const char *realm_str);
|
||||
int http_auth_digest_generate_nonce(server *srv, mod_auth_plugin_data *p, buffer *fn, char hh[33]);
|
||||
int http_auth_digest_generate_nonce(server *srv, mod_auth_plugin_data *p, buffer *fn, char (*hh)[33]);
|
||||
int http_auth_match_rules(server *srv, array *req, const char *username, const char *group, const char *host);
|
||||
|
||||
#endif
|
||||
|
|
|
|||
|
|
@ -303,7 +303,7 @@ static handler_t mod_auth_uri_handler(server *srv, connection *con, void *p_d) {
|
|||
response_header_insert(srv, con, CONST_STR_LEN("WWW-Authenticate"), CONST_BUF_LEN(p->tmp_buf));
|
||||
} else if (0 == strcmp(method->value->ptr, "digest")) {
|
||||
char hh[33];
|
||||
http_auth_digest_generate_nonce(srv, p, srv->tmp_buf, hh);
|
||||
http_auth_digest_generate_nonce(srv, p, srv->tmp_buf, &hh);
|
||||
|
||||
buffer_copy_string_len(p->tmp_buf, CONST_STR_LEN("Digest realm=\""));
|
||||
buffer_append_string_buffer(p->tmp_buf, realm->value);
|
||||
|
|
|
|||
|
|
@ -60,7 +60,7 @@ int f_crypto_md5(lua_State *L) {
|
|||
li_MD5_Update(&Md5Ctx, (unsigned char *) s, (unsigned int) s_len);
|
||||
li_MD5_Final(HA1, &Md5Ctx);
|
||||
|
||||
li_tohex(hex, (const char*) HA1, 16);
|
||||
li_tohex(hex, sizeof(hex), (const char*) HA1, 16);
|
||||
|
||||
lua_pushstring(L, hex);
|
||||
|
||||
|
|
|
|||
|
|
@ -175,7 +175,7 @@ static int secdl_verify_mac(server *srv, plugin_config *config, const char* prot
|
|||
li_MD5_Update(&Md5Ctx, ts_str, 8);
|
||||
li_MD5_Final(HA1, &Md5Ctx);
|
||||
|
||||
li_tohex(hexmd5, (const char *)HA1, 16);
|
||||
li_tohex(hexmd5, sizeof(hexmd5), (const char *)HA1, 16);
|
||||
|
||||
return (32 == maclen) && const_time_memeq(mac, hexmd5, 32);
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue