View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001651 | libmicrohttpd | digest authentication (HTTP) | public | 2011-01-25 00:28 | 2011-02-15 12:19 |
| Reporter | timn | Assigned To | Christian Grothoff | ||
| Priority | normal | Severity | major | Reproducibility | have not tried |
| Status | closed | Resolution | fixed | ||
| Product Version | 0.9.4 | ||||
| Summary | 0001651: MHD_queue_basic_auth_fail_response condition always false | ||||
| Description | snprintf() returns "the number of characters printed (not including the trailing '\0' used to end output to strings)" (from man snprintf). But hlen contains the number of bytes plus the null termination byte. Therefore this condition can never become true, and hence basic authentication cannot work. The attached patch fixes this problem. | ||||
| Tags | No tags attached. | ||||
| Attached Files | libmicrohttpd-0.9.5-fix-basic-auth.patch (691 bytes)
diff -urN libmicrohttpd-0.9.5/src/daemon/digestauth.c libmicrohttpd-0.9.5.fix-basic-auth/src/daemon/digestauth.c
--- libmicrohttpd-0.9.5/src/daemon/digestauth.c 2011-01-10 14:06:56.000000000 +0100
+++ libmicrohttpd-0.9.5.fix-basic-auth/src/daemon/digestauth.c 2011-01-24 21:24:52.204949568 +0100
@@ -723,12 +723,12 @@
struct MHD_Response *response)
{
int ret;
- size_t hlen = strlen(realm) + strlen("Basic realm=\"\"") + 1;
- char header[hlen];
+ size_t hlen = strlen(realm) + strlen("Basic realm=\"\"");
+ char header[hlen + 1];
if (hlen !=
snprintf(header,
- sizeof(header),
+ hlen + 1,
"Basic realm=\"%s\"",
realm))
{
| ||||
|
|
Version is actually 0.9.5 and reproducibility should be "always". |
|
|
Fixed in SVN 14276 (by removing the clearly too trivial assertion, which is simply code bloat anyway). |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2011-01-25 00:28 | timn | New Issue | |
| 2011-01-25 00:28 | timn | File Added: libmicrohttpd-0.9.5-fix-basic-auth.patch | |
| 2011-01-25 00:29 | timn | Note Added: 0004235 | |
| 2011-01-27 10:50 | Christian Grothoff | Note Added: 0004237 | |
| 2011-01-27 10:50 | Christian Grothoff | Status | new => resolved |
| 2011-01-27 10:50 | Christian Grothoff | Resolution | open => fixed |
| 2011-01-27 10:50 | Christian Grothoff | Assigned To | => Christian Grothoff |
| 2011-02-15 12:19 | Christian Grothoff | Status | resolved => closed |
| 2013-05-06 12:52 | Christian Grothoff | Category | digest authentication => digest authentication (HTTP) |
