diff options
| author | John Baldwin <jhb@FreeBSD.org> | 2022-11-16 03:18:58 +0000 |
|---|---|---|
| committer | John Baldwin <jhb@FreeBSD.org> | 2023-01-24 05:13:19 +0000 |
| commit | 13961b5a48d10e3a045a54ce9a6639bce9416989 (patch) | |
| tree | 0a171cc07c0870f632a761aa8ae50aa96686c148 | |
| parent | a8b6a13b0aa3408a7793dad22ad0193a2c32477f (diff) | |
| download | src-13961b5a48d10e3a045a54ce9a6639bce9416989.tar.gz src-13961b5a48d10e3a045a54ce9a6639bce9416989.zip | |
libfetch: Pass a zeroed digest to DigestCalcResponse.
GCC 12 warns that passing "" (a constant of char[1]) to a parameter of
type char[33] could potentially overread. It is not clear from the
context that c->qops can never be "auth-int" (and if it can't, then
the "auth-int" handling in DigestCalcResponse is dead code that should
be removed since this is the only place the function is called).
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D36825
(cherry picked from commit 57fbafb8deac75b924faf1fa6c2222a7719fdfec)
| -rw-r--r-- | lib/libfetch/http.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/libfetch/http.c b/lib/libfetch/http.c index c1d92d08b317..d4605aeccd9f 100644 --- a/lib/libfetch/http.c +++ b/lib/libfetch/http.c @@ -1281,9 +1281,10 @@ http_digest_auth(conn_t *conn, const char *hdr, http_auth_challenge_t *c, DigestCalcHA1(c->algo, parms->user, c->realm, parms->password, c->nonce, cnonce, HA1); DEBUGF("HA1: [%s]\n", HA1); - HASHHEX digest; + HASHHEX digest, null; + memset(null, 0, sizeof(null)); DigestCalcResponse(HA1, c->nonce, noncecount, cnonce, c->qop, - "GET", url->doc, "", digest); + "GET", url->doc, null, digest); if (c->qop[0]) { r = http_cmd(conn, "%s: Digest username=\"%s\",realm=\"%s\"," |