Page MenuHomeFreeBSD
Differential D36825

libfetch: Pass a zeroed digest to DigestCalcResponse.
ClosedPublic
Actions

Authored by jhb on Sep 29 2022, 10:36 PM.
Tags
None
Referenced Files
F115709834: D36825.diff
Sun, Apr 27, 11:59 AM
F115688413: D36825.diff
Sun, Apr 27, 4:14 AM
Unknown Object (File)
Mon, Apr 14, 5:41 AM
Unknown Object (File)
Mar 17 2025, 3:32 PM
Unknown Object (File)
Mar 13 2025, 3:33 PM
Unknown Object (File)
Mar 8 2025, 12:42 PM
Unknown Object (File)
Mar 5 2025, 2:22 PM
Unknown Object (File)
Mar 2 2025, 11:02 PM
View All 69 Files
Subscribers
grembo
imp

Details

Reviewers
des
emaste
grembo
Commits
rG13961b5a48d1: libfetch: Pass a zeroed digest to DigestCalcResponse.
rG57fbafb8deac: libfetch: Pass a zeroed digest to DigestCalcResponse.
Summary

GCC 12 warns that passing "" (a constant of char[1]) to a parameter of
type char[33] could potentially overread. It is not clear from the
context that c->qops can never be "auth-int" (and if it can't, then
the "auth-int" handling in DigestCalcResponse is dead code that should
be removed since this is the only place the function is called).

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 47639
Build 44526: arc lint + arc unit

Event Timeline

jhb created this revision.Sep 29 2022, 10:36 PM
Herald added a subscriber: imp. · View Herald TranscriptSep 29 2022, 10:36 PM
jhb requested review of this revision.Sep 29 2022, 10:36 PM
Harbormaster completed remote builds in B47639: Diff 111244.Sep 29 2022, 10:36 PM
jhb added a parent revision: D36824: libfetch: Use memcpy in place of an odd strncpy..Sep 29 2022, 10:36 PM
jhb added a child revision: D36826: libefivar: Fix a buffer overread..Sep 29 2022, 10:37 PM
emaste accepted this revision.Sep 30 2022, 2:24 PM

LGTM, hopefully @des can offer some insight on the auth-int issue.

This revision is now accepted and ready to land.Sep 30 2022, 2:24 PM
des added a reviewer: grembo.Oct 2 2022, 12:39 PM
des added a subscriber: grembo.

This is @grembo's code.

grembo resigned from this revision.Oct 2 2022, 5:21 PM
In D36825#836513, @des wrote:

This is @grembo's code.

@des Thanks for adding me to the review, but the code for HTTP digest authentication was contributed by Jean-Francois Dockes <jf@dockes.org> (I contributed code in the area of TLS and certificates).

Closed by commit rG57fbafb8deac: libfetch: Pass a zeroed digest to DigestCalcResponse. (authored by jhb). · Explain WhyNov 16 2022, 3:23 AM
This revision was automatically updated to reflect the committed changes.
jhb added a commit: rG57fbafb8deac: libfetch: Pass a zeroed digest to DigestCalcResponse..
jhb added a commit: rG13961b5a48d1: libfetch: Pass a zeroed digest to DigestCalcResponse..Jan 24 2023, 5:43 AM

Revision Contents
Changeset List

PathSize
lib/
libfetch/
5 lines

Diff 111244

View Options

lib/libfetch/http.c

Loading...