Page MenuHomeFreeBSD
Differential D36825

libfetch: Pass a zeroed digest to DigestCalcResponse.
ClosedPublic
Actions

Authored by jhb on Sep 29 2022, 10:36 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Nov 15, 10:24 PM
Unknown Object (File)
Fri, Nov 15, 8:16 PM
Unknown Object (File)
Tue, Oct 29, 12:56 PM
Unknown Object (File)
Oct 2 2024, 7:57 AM
Unknown Object (File)
Sep 25 2024, 6:41 PM
Unknown Object (File)
Sep 25 2024, 6:40 PM
Unknown Object (File)
Sep 25 2024, 6:40 PM
Unknown Object (File)
Sep 25 2024, 4:46 PM
View All 57 Files
Subscribers
grembo
imp

Details

Reviewers
des
emaste
grembo
Commits
rG13961b5a48d1: libfetch: Pass a zeroed digest to DigestCalcResponse.
rG57fbafb8deac: libfetch: Pass a zeroed digest to DigestCalcResponse.
Summary

GCC 12 warns that passing "" (a constant of char[1]) to a parameter of
type char[33] could potentially overread. It is not clear from the
context that c->qops can never be "auth-int" (and if it can't, then
the "auth-int" handling in DigestCalcResponse is dead code that should
be removed since this is the only place the function is called).

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

jhb created this revision.Sep 29 2022, 10:36 PM
Herald added a subscriber: imp. · View Herald TranscriptSep 29 2022, 10:36 PM
jhb requested review of this revision.Sep 29 2022, 10:36 PM
Harbormaster completed remote builds in B47639: Diff 111244.Sep 29 2022, 10:36 PM
jhb added a parent revision: D36824: libfetch: Use memcpy in place of an odd strncpy..Sep 29 2022, 10:36 PM
jhb added a child revision: D36826: libefivar: Fix a buffer overread..Sep 29 2022, 10:37 PM
emaste accepted this revision.Sep 30 2022, 2:24 PM

LGTM, hopefully @des can offer some insight on the auth-int issue.

This revision is now accepted and ready to land.Sep 30 2022, 2:24 PM
des added a reviewer: grembo.Oct 2 2022, 12:39 PM
des added a subscriber: grembo.

This is @grembo's code.

grembo resigned from this revision.Oct 2 2022, 5:21 PM
In D36825#836513, @des wrote:

This is @grembo's code.

@des Thanks for adding me to the review, but the code for HTTP digest authentication was contributed by Jean-Francois Dockes <jf@dockes.org> (I contributed code in the area of TLS and certificates).

Closed by commit rG57fbafb8deac: libfetch: Pass a zeroed digest to DigestCalcResponse. (authored by jhb). · Explain WhyNov 16 2022, 3:23 AM
This revision was automatically updated to reflect the committed changes.
jhb added a commit: rG57fbafb8deac: libfetch: Pass a zeroed digest to DigestCalcResponse..
jhb added a commit: rG13961b5a48d1: libfetch: Pass a zeroed digest to DigestCalcResponse..Jan 24 2023, 5:43 AM

Revision Contents
Changeset List

PathSize
lib/
libfetch/
5 lines

Diff 113170

View Options

lib/libfetch/http.c

Loading...