Author: Christian Grothoff <christian@grothoff.org>
Description: A stack overflow flaw was found in the MHD_digest_auth_check()
 function in libmicrohttpd. If MHD_OPTION_CONNECTION_MEMORY_LIMIT was
 configured to allow large allocations, a remote attacker could possibly use
 this flaw to cause an application using libmicrohttpd to crash or,
 potentially, execute arbitrary code with the privileges of the user running
 the application.
Origin: upstream, commit: 30983
--- a/src/daemon/digestauth.c
+++ b/src/daemon/digestauth.c
@@ -608,7 +608,17 @@
 				   header, "nonce")))
     return MHD_NO;
   left -= strlen ("nonce") + len;
-
+  if (left > 32 * 1024)
+  {
+    /* we do not permit URIs longer than 32k, as we want to
+       make sure to not blow our stack (or per-connection
+       heap memory limit).  Besides, 32k is already insanely
+       large, but of course in theory the
+       #MHD_OPTION_CONNECTION_MEMORY_LIMIT might be very large
+       and would thus permit sending a >32k authorization
+       header value. */
+    return MHD_NO;
+  }
   {
     char uri[left];  
   
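Review bot: The added `if (left > 32 * 1024)` check bounds only the upper end of the size used by `char uri[left];`, and the declaration of `left` is outside this hunk. If `left` is a signed type, a negative result from `left -= strlen ("nonce") + len;` would pass the check and reach the VLA with an invalid size, and a value of zero is undefined for a VLA whatever the type, so the guard would be safer as `if ( (0 == left) || (left > 32 * 1024) )`, extended to cover `left < 0` if the type turns out to be signed. The limit would also read better as a named constant, and the comment says "URIs" although the quantity tested is the remaining length of the authorization header value. The block opened by `{` continues past the end of the hunk, so how `uri` is filled is not visible here.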
