|
|
@@ -3006,6 +3006,9 @@ static int parse_auth_header(struct mg_connection *conn, char *buf,
|
|
|
/* Convert the nonce from the client to a number and check it. */
|
|
|
/* Server side nonce check is valuable in all situations but one: if the server restarts frequently,
|
|
|
but the client should not see that, so the server should accept nonces from previous starts. */
|
|
|
+ íf (ah->nonce == NULL) {
|
|
|
+ return 0;
|
|
|
+ }
|
|
|
nonce = strtoul(ah->nonce, &s, 10);
|
|
|
if ((s == NULL) || (*s != 0)) {
|
|
|
return 0;
|
bel