From: Joe Orton <jorton@apache.org>
Date: Sat, 28 Aug 2004 12:19:56 +0000 (+0000)
Subject: * modules/standard/mod_digest.c (check_nonce): Fix length check.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=444fdd311293122d87fe0cebc55ff829923a4778;p=thirdparty%2Fapache%2Fhttpd.git

* modules/standard/mod_digest.c (check_nonce): Fix length check.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@104881 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/src/modules/standard/mod_digest.c b/src/modules/standard/mod_digest.c
index 49070e1160f..f8458c72ff4 100644
--- a/src/modules/standard/mod_digest.c
+++ b/src/modules/standard/mod_digest.c
@@ -280,7 +280,7 @@ static int check_nonce(pool *p, const char *prefix, const char *nonce) {
     char *timestamp = (char *)nonce + 2 * MD5_DIGESTSIZE;
     char *md5;
 
-    if (strlen(nonce) < MD5_DIGESTSIZE)
+    if (strlen(nonce) < 2 * MD5_DIGESTSIZE)
        return AUTH_REQUIRED;
 
     md5 = ap_md5(p, (unsigned char *)ap_pstrcat(p, prefix, timestamp, NULL));