generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

digest: improve nonce generation

Browse Source 
Use the new improved Curl_rand() to generate better random nonce for
Digest auth.
This commit is contained in:
Daniel Stenberg 2013-06-25 11:28:22 +02:00
parent 9c2853f2ae
commit 98b0d66eb4
1 changed files with 3 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
lib/http_digest.c
View File

@ -33,6 +33,7 @@
#include "strtok.h"
#include "url.h" /* for Curl_safefree() */
#include "curl_memory.h"
#include "sslgen.h" /* for Curl_rand() */
#include "non-ascii.h" /* included for Curl_convert_... prototypes */
#include "warnless.h"
@ -316,8 +317,6 @@ CURLcode Curl_output_digest(struct connectdata *conn,
char *cnonce = NULL;
size_t cnonce_sz = 0;
char *tmp = NULL;
struct timeval now;
char **allocuserpwd;
size_t userlen;
const char *userp;
@ -376,10 +375,8 @@ CURLcode Curl_output_digest(struct connectdata *conn,
d->nc = 1;
if(!d->cnonce) {
/* Generate a cnonce */
now = Curl_tvnow();
snprintf(cnoncebuf, sizeof(cnoncebuf), "%32ld",
(long)now.tv_sec + now.tv_usec);
snprintf(cnoncebuf, sizeof(cnoncebuf), "%08x%08x",
Curl_rand(data), Curl_rand(data));
rc = Curl_base64_encode(data, cnoncebuf, strlen(cnoncebuf),
&cnonce, &cnonce_sz);