diff options
Diffstat (limited to 'src/net/tcp')
| -rw-r--r-- | src/net/tcp/httpcore.c | 14 | ||||
| -rw-r--r-- | src/net/tcp/iscsi.c | 14 |
2 files changed, 16 insertions, 12 deletions
diff --git a/src/net/tcp/httpcore.c b/src/net/tcp/httpcore.c index 42a0f90e..d94ab5f0 100644 --- a/src/net/tcp/httpcore.c +++ b/src/net/tcp/httpcore.c @@ -1122,12 +1122,14 @@ static void http_digest_update ( struct md5_context *ctx, const char *string ) { * * @v ctx Digest context * @v out Buffer for digest output + * @v len Buffer length */ -static void http_digest_final ( struct md5_context *ctx, char *out ) { +static void http_digest_final ( struct md5_context *ctx, char *out, + size_t len ) { uint8_t digest[MD5_DIGEST_SIZE]; digest_final ( &md5_algorithm, ctx, digest ); - base16_encode ( digest, sizeof ( digest ), out ); + base16_encode ( digest, sizeof ( digest ), out, len ); } /** @@ -1172,20 +1174,20 @@ static char * http_digest_auth ( struct http_request *http, http_digest_update ( &ctx, user ); http_digest_update ( &ctx, realm ); http_digest_update ( &ctx, password ); - http_digest_final ( &ctx, ha1 ); + http_digest_final ( &ctx, ha1, sizeof ( ha1 ) ); if ( md5sess ) { http_digest_init ( &ctx ); http_digest_update ( &ctx, ha1 ); http_digest_update ( &ctx, nonce ); http_digest_update ( &ctx, cnonce ); - http_digest_final ( &ctx, ha1 ); + http_digest_final ( &ctx, ha1, sizeof ( ha1 ) ); } /* Generate HA2 */ http_digest_init ( &ctx ); http_digest_update ( &ctx, method ); http_digest_update ( &ctx, uri ); - http_digest_final ( &ctx, ha2 ); + http_digest_final ( &ctx, ha2, sizeof ( ha2 ) ); /* Generate response */ http_digest_init ( &ctx ); @@ -1197,7 +1199,7 @@ static char * http_digest_auth ( struct http_request *http, http_digest_update ( &ctx, "auth" /* qop */ ); } http_digest_update ( &ctx, ha2 ); - http_digest_final ( &ctx, response ); + http_digest_final ( &ctx, response, sizeof ( response ) ); /* Generate the authorisation string */ len = asprintf ( &auth, "Authorization: Digest username=\"%s\", " diff --git a/src/net/tcp/iscsi.c b/src/net/tcp/iscsi.c index 2e420d9a..e553b214 100644 --- a/src/net/tcp/iscsi.c +++ b/src/net/tcp/iscsi.c @@ -709,7 +709,7 @@ static int iscsi_build_login_request_strings ( struct iscsi_session *iscsi, char buf[ base16_encoded_len ( iscsi->chap.response_len ) + 1 ]; assert ( iscsi->initiator_username != NULL ); base16_encode ( iscsi->chap.response, iscsi->chap.response_len, - buf ); + buf, sizeof ( buf ) ); used += ssnprintf ( data + used, len - used, "CHAP_N=%s%cCHAP_R=0x%s%c", iscsi->initiator_username, 0, buf, 0 ); @@ -719,7 +719,7 @@ static int iscsi_build_login_request_strings ( struct iscsi_session *iscsi, size_t challenge_len = ( sizeof ( iscsi->chap_challenge ) - 1 ); char buf[ base16_encoded_len ( challenge_len ) + 1 ]; base16_encode ( ( iscsi->chap_challenge + 1 ), challenge_len, - buf ); + buf, sizeof ( buf ) ); used += ssnprintf ( data + used, len - used, "CHAP_I=%d%cCHAP_C=0x%s%c", iscsi->chap_challenge[0], 0, buf, 0 ); @@ -833,15 +833,17 @@ static int iscsi_tx_login_request ( struct iscsi_session *iscsi ) { * * @v encoded Encoded large binary value * @v raw Raw data + * @v len Length of data buffer * @ret len Length of raw data, or negative error */ -static int iscsi_large_binary_decode ( const char *encoded, uint8_t *raw ) { +static int iscsi_large_binary_decode ( const char *encoded, uint8_t *raw, + size_t len ) { /* Check for initial '0x' or '0b' and decode as appropriate */ if ( *(encoded++) == '0' ) { switch ( tolower ( *(encoded++) ) ) { case 'x' : - return base16_decode ( encoded, raw ); + return base16_decode ( encoded, raw, len ); case 'b' : return base64_decode ( encoded, raw ); } @@ -980,7 +982,7 @@ static int iscsi_handle_chap_c_value ( struct iscsi_session *iscsi, int rc; /* Process challenge */ - len = iscsi_large_binary_decode ( value, buf ); + len = iscsi_large_binary_decode ( value, buf, sizeof ( buf ) ); if ( len < 0 ) { rc = len; DBGC ( iscsi, "iSCSI %p invalid CHAP challenge \"%s\": %s\n", @@ -1065,7 +1067,7 @@ static int iscsi_handle_chap_r_value ( struct iscsi_session *iscsi, chap_respond ( &iscsi->chap ); /* Process response */ - len = iscsi_large_binary_decode ( value, buf ); + len = iscsi_large_binary_decode ( value, buf, sizeof ( buf ) ); if ( len < 0 ) { rc = len; DBGC ( iscsi, "iSCSI %p invalid CHAP response \"%s\": %s\n", |