curl/curl
1
1
Fork 0
mirror of https://github.com/curl/curl.git synced 2025-09-13 23:52:42 +03:00
Code Issues Packages Projects Releases Wiki Activity

digest: add check for hashing error

Browse Source 
Closes #13072
This commit is contained in:
Evgeny Grin 2024-03-07 01:35:31 +01:00 committed by Daniel Stenberg
parent 9b81f1bef2
commit 1e517e9f5c
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 20 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
lib/vauth/digest.c
View File

@ -728,8 +728,10 @@ static CURLcode auth_create_digest_http_message(
if(!hashthis) if(!hashthis)
return CURLE_OUT_OF_MEMORY; return CURLE_OUT_OF_MEMORY;
hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis)); result = hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis));
free(hashthis); free(hashthis);
if(result)
return result;
convert_to_ascii(hashbuf, (unsigned char *)userh); convert_to_ascii(hashbuf, (unsigned char *)userh);
} }
@ -749,8 +751,10 @@ static CURLcode auth_create_digest_http_message(
if(!hashthis) if(!hashthis)
return CURLE_OUT_OF_MEMORY; return CURLE_OUT_OF_MEMORY;
hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis)); result = hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis));
free(hashthis); free(hashthis);
if(result)
return result;
convert_to_ascii(hashbuf, ha1); convert_to_ascii(hashbuf, ha1);
if(digest->algo & SESSION_ALGO) { if(digest->algo & SESSION_ALGO) {
@ -759,8 +763,10 @@ static CURLcode auth_create_digest_http_message(
if(!tmp) if(!tmp)
return CURLE_OUT_OF_MEMORY; return CURLE_OUT_OF_MEMORY;
hash(hashbuf, (unsigned char *) tmp, strlen(tmp)); result = hash(hashbuf, (unsigned char *) tmp, strlen(tmp));
free(tmp); free(tmp);
if(result)
return result;
convert_to_ascii(hashbuf, ha1); convert_to_ascii(hashbuf, ha1);
} }
@ -786,7 +792,11 @@ static CURLcode auth_create_digest_http_message(
char hashed[65]; char hashed[65];
char *hashthis2; char *hashthis2;
hash(hashbuf, (const unsigned char *)"", 0); result = hash(hashbuf, (const unsigned char *)"", 0);
if(result) {
free(hashthis);
return result;
}
convert_to_ascii(hashbuf, (unsigned char *)hashed); convert_to_ascii(hashbuf, (unsigned char *)hashed);
hashthis2 = aprintf("%s:%s", hashthis, hashed); hashthis2 = aprintf("%s:%s", hashthis, hashed);
@ -797,8 +807,10 @@ static CURLcode auth_create_digest_http_message(
if(!hashthis) if(!hashthis)
return CURLE_OUT_OF_MEMORY; return CURLE_OUT_OF_MEMORY;
hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis)); result = hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis));
free(hashthis); free(hashthis);
if(result)
return result;
convert_to_ascii(hashbuf, ha2); convert_to_ascii(hashbuf, ha2);
if(digest->qop) { if(digest->qop) {
@ -812,8 +824,10 @@ static CURLcode auth_create_digest_http_message(
if(!hashthis) if(!hashthis)
return CURLE_OUT_OF_MEMORY; return CURLE_OUT_OF_MEMORY;
hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis)); result = hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis));
free(hashthis); free(hashthis);
if(result)
return result;
convert_to_ascii(hashbuf, request_digest); convert_to_ascii(hashbuf, request_digest);
/* For test case 64 (snooped from a Mozilla 1.3a request) /* For test case 64 (snooped from a Mozilla 1.3a request)