From af808bc4d90a0d9ff1b3993414ec7cc40f911913 Mon Sep 17 00:00:00 2001
From: van Hauser <vh@thc.org>
Date: Sat, 16 Mar 2019 18:20:08 -0400
Subject: [PATCH 1/2] http md5-digest fix

---
 CHANGES      | 1 +
 hydra-http.c | 9 +++++----
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/CHANGES b/CHANGES
index d9dce31..edf5588 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,7 @@ Release 8.9-dev
 * your patch? :)
 * Fixed svn module memory leaks
 * Fixed rtsp module potential buffer overflow
+* Fixed http module DIGEST-MD5 mode
 * Added memcached module
 
 
diff --git a/hydra-http.c b/hydra-http.c
index db9b500..8b19b28 100644
--- a/hydra-http.c
+++ b/hydra-http.c
@@ -13,7 +13,7 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
   char *login, *pass, *buffer, buffer2[500];
   char *header;
   char *ptr, *fooptr;
-  int32_t complete_line = 0;
+  int32_t complete_line = 0, buffer_size;
   char tmpreplybuf[1024] = "", *tmpreplybufptr;
 
   if (strlen(login = hydra_get_next_login()) == 0)
@@ -26,7 +26,8 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
 
   header = stringify_headers(&ptr_head);
 
-  if(!(buffer = malloc(strlen(header) + 500))) {
+  buffer_size = strlen(header) + 500;
+  if(!(buffer = malloc(buffer_size))) {
     free(header);
     return 3;
   }
@@ -63,8 +64,8 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
       char *pbuffer;
 
       pbuffer = hydra_strcasestr(http_buf, "WWW-Authenticate: Digest ");
-      strncpy(buffer, pbuffer + strlen("WWW-Authenticate: Digest "), sizeof(buffer));
-      buffer[sizeof(buffer) - 1] = '\0';
+      strncpy(buffer, pbuffer + strlen("WWW-Authenticate: Digest "), buffer_size - 1);
+      buffer[buffer_size - 1] = '\0';
 
       fooptr = buffer2;
       sasl_digest_md5(fooptr, login, pass, buffer, miscptr, type, webtarget, webport, header);

From 95819bf458bd051c64ed77b8adb38db4ad0e0969 Mon Sep 17 00:00:00 2001
From: van Hauser <vh@thc.org>
Date: Sun, 17 Mar 2019 09:39:03 -0400
Subject: [PATCH 2/2] return 255 fix

---
 hydra.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hydra.c b/hydra.c
index e184abc..2f42e95 100644
--- a/hydra.c
+++ b/hydra.c
@@ -3985,8 +3985,8 @@ int main(int argc, char *argv[]) {
 
   error += j;
   k = 0;
-  for (j = 0; j < hydra_options.max_use; j++)
-    if (hydra_heads[j]->active == HEAD_ACTIVE)
+  for (i = 0; i < hydra_options.max_use; i++)
+    if (hydra_heads[i]->active == HEAD_ACTIVE)
       k++;
 
   if (error == 0 && k == 0) {