* modules/standard/mod_digest.c (check_nonce): Fix length check.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@104881 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/src/modules/standard/mod_digest.c b/src/modules/standard/mod_digest.c
index 49070e1160fc992f9adb08795285f4d0e593174b..f8458c72ff43beec26fa5d3f33e505ecc5bf1821 100644 (file)
--- a/src/modules/standard/mod_digest.c
+++ b/src/modules/standard/mod_digest.c
@@ -280,7 +280,7 @@ static int check_nonce(pool *p, const char *prefix, const char *nonce) {
     char *timestamp = (char *)nonce + 2 * MD5_DIGESTSIZE;
     char *md5;
 
-    if (strlen(nonce) < MD5_DIGESTSIZE)
+    if (strlen(nonce) < 2 * MD5_DIGESTSIZE)
        return AUTH_REQUIRED;
 
     md5 = ap_md5(p, (unsigned char *)ap_pstrcat(p, prefix, timestamp, NULL));