You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by jo...@apache.org on 2004/08/28 14:19:56 UTC
cvs commit: apache-1.3/src/modules/standard mod_digest.c
jorton 2004/08/28 05:19:56
Modified: src/modules/standard mod_digest.c
Log:
* modules/standard/mod_digest.c (check_nonce): Fix length check.
Revision Changes Path
1.56 +1 -1 apache-1.3/src/modules/standard/mod_digest.c
Index: mod_digest.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/modules/standard/mod_digest.c,v
retrieving revision 1.55
retrieving revision 1.56
diff -d -w -u -r1.55 -r1.56
--- mod_digest.c 15 Apr 2004 15:51:52 -0000 1.55
+++ mod_digest.c 28 Aug 2004 12:19:56 -0000 1.56
@@ -280,7 +280,7 @@
char *timestamp = (char *)nonce + 2 * MD5_DIGESTSIZE;
char *md5;
- if (strlen(nonce) < MD5_DIGESTSIZE)
+ if (strlen(nonce) < 2 * MD5_DIGESTSIZE)
return AUTH_REQUIRED;
md5 = ap_md5(p, (unsigned char *)ap_pstrcat(p, prefix, timestamp, NULL));