diff --git a/lib/http_digest.c b/lib/http_digest.c index 47e6c25c6..f98b9f998 100644 --- a/lib/http_digest.c +++ b/lib/http_digest.c @@ -105,6 +105,8 @@ CURLdigest Curl_input_digest(struct connectdata *conn, value, content)) ) { if(strequal(value, "nonce")) { d->nonce = strdup(content); + if(!d->nonce) + return CURLDIGEST_NOMEM; } else if(strequal(value, "stale")) { if(strequal(content, "true")) { @@ -114,15 +116,21 @@ CURLdigest Curl_input_digest(struct connectdata *conn, } else if(strequal(value, "realm")) { d->realm = strdup(content); + if(!d->realm) + return CURLDIGEST_NOMEM; } else if(strequal(value, "opaque")) { d->opaque = strdup(content); + if(!d->opaque) + return CURLDIGEST_NOMEM; } else if(strequal(value, "qop")) { char *tok_buf; /* tokenize the list and choose auth if possible, use a temporary clone of the buffer since strtok_r() ruins it */ tmp = strdup(content); + if(!tmp) + return CURLDIGEST_NOMEM; token = strtok_r(tmp, ",", &tok_buf); while (token != NULL) { if (strequal(token, "auth")) { @@ -137,13 +145,19 @@ CURLdigest Curl_input_digest(struct connectdata *conn, /*select only auth o auth-int. Otherwise, ignore*/ if (foundAuth) { d->qop = strdup("auth"); + if(!d->qop) + return CURLDIGEST_NOMEM; } else if (foundAuthInt) { d->qop = strdup("auth-int"); + if(!d->qop) + return CURLDIGEST_NOMEM; } } else if(strequal(value, "algorithm")) { d->algorithm = strdup(content); + if(!d->algorithm) + return CURLDIGEST_NOMEM; if(strequal(content, "MD5-sess")) d->algo = CURLDIGESTALGO_MD5SESS; else if(strequal(content, "MD5")) diff --git a/lib/http_digest.h b/lib/http_digest.h index c7a41f1b4..b4fca06c9 100644 --- a/lib/http_digest.h +++ b/lib/http_digest.h @@ -27,6 +27,7 @@ typedef enum { CURLDIGEST_NONE, /* not a digest */ CURLDIGEST_BAD, /* a digest, but one we don't like */ CURLDIGEST_BADALGO, /* unsupported algorithm requested */ + CURLDIGEST_NOMEM, CURLDIGEST_FINE, /* a digest we act on */ CURLDIGEST_LAST /* last entry in this enum, don't use */