A bug report on the curl-library list showed a HTTP Digest session going on

with a 700+ letter nonce. Previously libcurl only support 127 letter ones
and now I bumped it to 1023.

diff --git a/lib/http_digest.c b/lib/http_digest.c
index 595ebf0d85ae7ddf37875e7db6ee4f6bf916fe3b..e5efd3ef6a52d0c3dffcd448ef747fa3a575adec 100644 (file)
--- a/lib/http_digest.c
+++ b/lib/http_digest.c
@@ -90,19 +90,19 @@ CURLdigest Curl_input_digest(struct connectdata *conn,
     Curl_digest_cleanup_one(d);
 
     while(more) {
-      char value[32];
-      char content[128];
+      char value[256];
+      char content[1024];
       size_t totlen=0;
 
       while(*header && ISSPACE(*header))
         header++;
 
       /* how big can these strings be? */
-      if((2 == sscanf(header, "%31[^=]=\"%127[^\"]\"",
+      if((2 == sscanf(header, "%255[^=]=\"%1023[^\"]\"",
                       value, content)) ||
          /* try the same scan but without quotes around the content but don't
             include the possibly trailing comma, newline or carriage return */
-         (2 ==  sscanf(header, "%31[^=]=%127[^\r\n,]",
+         (2 ==  sscanf(header, "%255[^=]=%1023[^\r\n,]",
                        value, content)) ) {
         if(strequal(value, "nonce")) {
           d->nonce = strdup(content);