Hi Tim,

Technically this cannot happen, the 'digest != NULL' check before correlates with password == NULL and vice versa. But, I'm happy to add an additional assertion to make static analysis happier...

I've applied your realloc() patch as well.

Happy hacking!

Christian

On 4/14/19 9:08 PM, Tim Rühsen wrote:
> Hi,
>
> in digestauth.c, L296 you'll find an unconditional strlen(password).
>
> The function is called via digest_auth_check_all() from
> MHD_digest_auth_check_digest2() with a NULL 'password'.
>
> I am not sure what your favorite place is for a fix, so I'll just report
> and leave it to you.
>
> Regards, Tim
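An added illustration of the pattern discussed in this thread, not code from libmicrohttpd or from either poster: a function that accepts either a plaintext password or a precomputed digest and checks the "exactly one is non-NULL" contract before it reaches strlen(). The names credential_bytes and HA1_LEN and the 16-byte digest size are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HA1_LEN 16 /* constructed digest size, assumption for this example */

/* Hypothetical helper: copy the credential material into 'out'.
 * Contract: exactly one of 'password' / 'digest' is non-NULL.
 * Returns the number of bytes written, or -1 if the contract is
 * violated or 'out' is too small. */
static int
credential_bytes (const char *password, const unsigned char *digest,
                  unsigned char *out, size_t out_size)
{
  size_t len;

  /* Enforce the invariant explicitly instead of relying on every
   * caller to uphold it; this is also what a static analyzer needs
   * to see to prove that strlen() below never gets NULL. */
  if ((NULL == password) == (NULL == digest))
    return -1;

  if (NULL != digest)
  {
    if (out_size < HA1_LEN)
      return -1;
    memcpy (out, digest, HA1_LEN);
    return HA1_LEN;
  }

  /* Only reachable with password != NULL. */
  len = strlen (password);
  if (len > out_size)
    return -1;
  memcpy (out, password, len);
  return (int) len;
}

int
main (void)
{
  unsigned char out[32];
  unsigned char digest[HA1_LEN] = { 0 }; /* constructed sample digest */

  printf ("password only: %d\n", credential_bytes ("secret", NULL, out, sizeof (out)));
  printf ("digest only:   %d\n", credential_bytes (NULL, digest, out, sizeof (out)));
  printf ("neither:       %d\n", credential_bytes (NULL, NULL, out, sizeof (out)));
  return 0;
}
```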
