mod_auth_digest: Fast validation of the nonce's base64 to fail early if

                 the format can't match anyway.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1885659 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/changes-entries/auth_digest_nonce.txt b/changes-entries/auth_digest_nonce.txt
new file mode 100644 (file)
index 0000000..6a583f6
--- /dev/null
+++ b/changes-entries/auth_digest_nonce.txt
@@ -0,0 +1,3 @@
+  *) mod_auth_digest: Fast validation of the nonce's base64 to fail early if
+     the format can't match anyway.  [Yann Ylavic]
+

diff --git a/modules/aaa/mod_auth_digest.c b/modules/aaa/mod_auth_digest.c
index 480f43bf16418cdedc7fd07a856dd129ae5ae45b..c15514b9eac76f76a82283b1858e204c2f6874ae 100644 (file)
--- a/modules/aaa/mod_auth_digest.c
+++ b/modules/aaa/mod_auth_digest.c
@@ -1427,9 +1427,14 @@ static int check_nonce(request_rec *r, digest_header_rec *resp,
     time_rec nonce_time;
     char tmp, hash[NONCE_HASH_LEN+1];
 
-    if (strlen(resp->nonce) != NONCE_LEN) {
+    /* Since the time part of the nonce is a base64 encoding of an
+     * apr_time_t (8 bytes), it should end with a '=', fail early otherwise.
+     */
+    if (strlen(resp->nonce) != NONCE_LEN
+            || resp->nonce[NONCE_TIME_LEN - 1] != '=') {
         ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01775)
-                      "invalid nonce %s received - length is not %d",
+                      "invalid nonce '%s' received - length is not %d "
+                      "or time encoding is incorrect",
                       resp->nonce, NONCE_LEN);
         note_digest_auth_failure(r, conf, resp, 1);
         return HTTP_UNAUTHORIZED;