/*
* HTTP support routines for CUPS.
*
- * Copyright 2007-2018 by Apple Inc.
+ * Copyright 2007-2019 by Apple Inc.
* Copyright 1997-2007 by Easy Software Products, all rights reserved.
*
* Licensed under Apache License v2.0. See the file "LICENSE" for more
*/
#include "cups-private.h"
+#include "debug-internal.h"
#ifdef HAVE_DNSSD
# include <dns_sd.h>
# ifdef _WIN32
char *s, /* I - String buffer */
int slen) /* I - Size of string buffer */
{
- struct tm *tdate; /* UNIX date/time data */
+ struct tm tdate; /* UNIX date/time data */
- tdate = gmtime(&t);
- if (tdate)
- snprintf(s, (size_t)slen, "%s, %02d %s %d %02d:%02d:%02d GMT", http_days[tdate->tm_wday], tdate->tm_mday, http_months[tdate->tm_mon], tdate->tm_year + 1900, tdate->tm_hour, tdate->tm_min, tdate->tm_sec);
- else
- s[0] = '\0';
+ gmtime_r(&t, &tdate);
+
+ snprintf(s, (size_t)slen, "%s, %02d %s %d %02d:%02d:%02d GMT", http_days[tdate.tm_wday], tdate.tm_mday, http_months[tdate.tm_mon], tdate.tm_year + 1900, tdate.tm_hour, tdate.tm_min, tdate.tm_sec);
return (s);
}
DEBUG_printf(("4httpGetDateTime: day=%d, mon=\"%s\", year=%d, hour=%d, "
"min=%d, sec=%d", day, mon, year, hour, min, sec));
+ /*
+ * Check for invalid year (RFC 7231 says it's 4DIGIT)
+ */
+
+ if (year > 9999)
+ return (0);
+
/*
* Convert the month name to a number from 0 to 11.
*/
digest[1024]; /* Digest auth data */
unsigned char hash[32]; /* Hash buffer */
size_t hashsize; /* Size of hash */
+ _cups_globals_t *cg = _cupsGlobals(); /* Per-thread globals */
DEBUG_printf(("2_httpSetDigestAuthString(http=%p, nonce=\"%s\", method=\"%s\", resource=\"%s\")", (void *)http, nonce, method, resource));
* RFC 2617 Digest with MD5
*/
+ if (cg->digestoptions == _CUPS_DIGESTOPTIONS_DENYMD5)
+ {
+ DEBUG_puts("3_httpSetDigestAuthString: MD5 Digest is disabled.");
+ return (0);
+ }
+
hashalg = "md5";
}
else if (!_cups_strcasecmp(http->algorithm, "SHA-256"))