diff options
author | Glenn Strauss <gstrauss@gluelogic.com> | 2021-06-12 03:57:58 -0400 |
---|---|---|
committer | Glenn Strauss <gstrauss@gluelogic.com> | 2021-08-27 02:16:53 -0400 |
commit | 870b0c134318cd1b4ecbe819b9728fe122587371 (patch) | |
tree | 004209337fdb49f68acfe381de55de8bc19b6e9e /src/mod_auth.c | |
parent | c841ce3b0b75fbfd9d1440da6e35bf6ad1485ef7 (diff) | |
download | lighttpd-git-870b0c134318cd1b4ecbe819b9728fe122587371.tar.gz |
[mod_auth] mod_auth_algorithm_parse() w/ algo len
mod_auth_algorithm_parse() now takes an additional arg: algorithm strlen
Diffstat (limited to 'src/mod_auth.c')
-rw-r--r-- | src/mod_auth.c | 17 |
1 files changed, 6 insertions, 11 deletions
diff --git a/src/mod_auth.c b/src/mod_auth.c index 1f8b3913..d8811c09 100644 --- a/src/mod_auth.c +++ b/src/mod_auth.c @@ -285,15 +285,13 @@ static data_auth *data_auth_init(void) return dauth; } -static int mod_auth_algorithm_parse(http_auth_info_t *ai, const char *s) { - size_t len; - if (NULL == s) { +static int mod_auth_algorithm_parse(http_auth_info_t *ai, const char *s, size_t len) { + if (0 == len) { ai->dalgo = HTTP_AUTH_DIGEST_MD5; ai->dlen = HTTP_AUTH_DIGEST_MD5_BINLEN; return 1; } - len = strlen(s); if (len > 5 && (s[len-5] ) == '-' && (s[len-4] | 0x20) == 's' @@ -339,14 +337,11 @@ static int mod_auth_algorithm_parse(http_auth_info_t *ai, const char *s) { } static int mod_auth_algorithms_parse(int *algorithm, buffer *algos) { - for (char *s = algos->ptr, *p; s; s = p ? p+1 : NULL) { + for (const char *s = algos->ptr, *p; s; s = p ? p+1 : NULL) { http_auth_info_t ai; - int rc; p = strchr(s, '|'); - if (p) *p = '\0'; - rc = mod_auth_algorithm_parse(&ai, s); - if (p) *p = '|'; - if (!rc) return 0; + if (!mod_auth_algorithm_parse(&ai, s, p ? (size_t)(p - s) : strlen(s))) + return 0; *algorithm |= ai.dalgo; } return 1; @@ -1240,7 +1235,7 @@ static handler_t mod_auth_check_digest(request_st * const r, void *p_d, const st return mod_auth_send_401_unauthorized_digest(r, require, 0); } - if (!mod_auth_algorithm_parse(&ai, algorithm) + if (!mod_auth_algorithm_parse(&ai, algorithm, strlen(algorithm)) || !(require->algorithm & ai.dalgo & ~HTTP_AUTH_DIGEST_SESS)) { log_error(r->conf.errh, __FILE__, __LINE__, "digest: (%s): invalid", algorithm); |