d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

libfetch: Pass a zeroed digest to DigestCalcResponse.

Browse Source 
GCC 12 warns that passing "" (a constant of char[1]) to a parameter of
type char[33] could potentially overread.  It is not clear from the
context that c->qops can never be "auth-int" (and if it can't, then
the "auth-int" handling in DigestCalcResponse is dead code that should
be removed since this is the only place the function is called).

Reviewed by:	emaste
Differential Revision:	https://reviews.freebsd.org/D36825
This commit is contained in:
John Baldwin 2022-11-15 19:18:58 -08:00
parent 6100374ccf
commit 57fbafb8de
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/libfetch/http.c
View File

@ -1281,9 +1281,10 @@ http_digest_auth(conn_t *conn, const char *hdr, http_auth_challenge_t *c,
DigestCalcHA1(c->algo, parms->user, c->realm,
parms->password, c->nonce, cnonce, HA1);
DEBUGF("HA1: [%s]\n", HA1);
HASHHEX digest;
HASHHEX digest, null;
memset(null, 0, sizeof(null));
DigestCalcResponse(HA1, c->nonce, noncecount, cnonce, c->qop,
"GET", url->doc, "", digest);
"GET", url->doc, null, digest);
if (c->qop[0]) {
r = http_cmd(conn, "%s: Digest username=\"%s\",realm=\"%s\","