Date: Wed, 16 Nov 2022 03:23:12 GMT
From: John Baldwin <jhb@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: git: 57fbafb8deac - main - libfetch: Pass a zeroed digest to DigestCalcResponse.
Message-ID: <202211160323.2AG3NCs7055795@gitrepo.freebsd.org>
The branch main has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=57fbafb8deac75b924faf1fa6c2222a7719fdfec commit 57fbafb8deac75b924faf1fa6c2222a7719fdfec Author: John Baldwin <jhb@FreeBSD.org> AuthorDate: 2022-11-16 03:18:58 +0000 Commit: John Baldwin <jhb@FreeBSD.org> CommitDate: 2022-11-16 03:18:58 +0000 libfetch: Pass a zeroed digest to DigestCalcResponse. GCC 12 warns that passing "" (a constant of char[1]) to a parameter of type char[33] could potentially overread. It is not clear from the context that c->qops can never be "auth-int" (and if it can't, then the "auth-int" handling in DigestCalcResponse is dead code that should be removed since this is the only place the function is called). Reviewed by: emaste Differential Revision: https://reviews.freebsd.org/D36825 --- lib/libfetch/http.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/libfetch/http.c b/lib/libfetch/http.c index c1d92d08b317..d4605aeccd9f 100644 --- a/lib/libfetch/http.c +++ b/lib/libfetch/http.c @@ -1281,9 +1281,10 @@ http_digest_auth(conn_t *conn, const char *hdr, http_auth_challenge_t *c, DigestCalcHA1(c->algo, parms->user, c->realm, parms->password, c->nonce, cnonce, HA1); DEBUGF("HA1: [%s]\n", HA1); - HASHHEX digest; + HASHHEX digest, null; + memset(null, 0, sizeof(null)); DigestCalcResponse(HA1, c->nonce, noncecount, cnonce, c->qop, - "GET", url->doc, "", digest); + "GET", url->doc, null, digest); if (c->qop[0]) { r = http_cmd(conn, "%s: Digest username=\"%s\",realm=\"%s\","
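Review bot: At the DigestCalcResponse call in http_digest_auth, the zeroed `null` buffer removes the overread GCC 12 warns about, but it still stands in for the entity-body hash argument, so if c->qop can be "auth-int" (the commit message leaves this open) the response is computed over an empty string rather than a hash of the request body. Either add a comment at the declaration stating that only qop "auth" is expected on this path, or reject "auth-int" before the call so the placeholder is never hashed. Separately, the name `null` is easy to misread as NULL at the call site; a name such as `hentity` would be clearer, and an initializer like `HASHHEX hentity = "";` would zero the whole array without the separate memset.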