Commit 45a2240e authored by Daniel Stenberg's avatar Daniel Stenberg
Browse files

A bug report on the curl-library list showed a HTTP Digest session going on 

with a 700+ letter nonce. Previously libcurl only support 127 letter ones
and now I bumped it to 1023.
parent f75ba55b

lib/http_digest.c

+4 −4
Original line number Diff line number Diff line
@@ -90,19 +90,19 @@ CURLdigest Curl_input_digest(struct connectdata *conn, 
    Curl_digest_cleanup_one(d);



    while(more) {

      char value[32];

      char content[128];

      char value[256];

      char content[1024];

      size_t totlen=0;



      while(*header && ISSPACE(*header))

        header++;



      /* how big can these strings be? */

      if((2 == sscanf(header, "%31[^=]=\"%127[^\"]\"",

      if((2 == sscanf(header, "%255[^=]=\"%1023[^\"]\"",

                      value, content)) ||

         /* try the same scan but without quotes around the content but don't

            include the possibly trailing comma, newline or carriage return */

         (2 ==  sscanf(header, "%31[^=]=%127[^\r\n,]",

         (2 ==  sscanf(header, "%255[^=]=%1023[^\r\n,]",

                       value, content)) ) {

        if(strequal(value, "nonce")) {

          d->nonce = strdup(content);