Page MenuHomeFreeBSD

libfetch: Pass a zeroed digest to DigestCalcResponse.
ClosedPublic

Authored by jhb on Sep 29 2022, 10:36 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Oct 29, 12:56 PM
Unknown Object (File)
Oct 2 2024, 7:57 AM
Unknown Object (File)
Sep 25 2024, 6:41 PM
Unknown Object (File)
Sep 25 2024, 6:40 PM
Unknown Object (File)
Sep 25 2024, 6:40 PM
Unknown Object (File)
Sep 25 2024, 4:46 PM
Unknown Object (File)
Sep 20 2024, 5:36 PM
Unknown Object (File)
Sep 18 2024, 4:06 AM
Subscribers

Details

Summary

GCC 12 warns that passing "" (a constant of char[1]) to a parameter of
type char[33] could potentially overread. It is not clear from the
context that c->qops can never be "auth-int" (and if it can't, then
the "auth-int" handling in DigestCalcResponse is dead code that should
be removed since this is the only place the function is called).

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

jhb requested review of this revision.Sep 29 2022, 10:36 PM

LGTM, hopefully @des can offer some insight on the auth-int issue.

This revision is now accepted and ready to land.Sep 30 2022, 2:24 PM
des added a subscriber: grembo.

This is @grembo's code.

In D36825#836513, @des wrote:

This is @grembo's code.

@des Thanks for adding me to the review, but the code for HTTP digest authentication was contributed by Jean-Francois Dockes <jf@dockes.org> (I contributed code in the area of TLS and certificates).