From 2d5d87839f6bbb612253988a38f25831eed3359b Mon Sep 17 00:00:00 2001
From: Isaac Connor <isaac@zoneminder.com>
Date: Sun, 5 Apr 2020 13:35:21 -0400
Subject: [PATCH 1/4] Fix warnings about hashed authentication not being
 available when using gnutls.  Also set cmake_policy(SET CMP0054 NEW) to quiet
 warnings

---
 CMakeLists.txt | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index a15267582..c6480be43 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -3,6 +3,7 @@
 # For more information and installation, see the INSTALL file
 #
 cmake_minimum_required (VERSION 2.8.7)
+cmake_policy(SET CMP0054 NEW)
 project (zoneminder)
 file (STRINGS "version" zoneminder_VERSION)
 # make API version a minor of ZM version
@@ -738,6 +739,7 @@ if(HAVE_OPENSSL_MD5_H)
             "unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md)" "NULL" "openssl/md5.h" 
             HAVE_MD5_OPENSSL)
 endif(HAVE_OPENSSL_MD5_H)
+
 if(HAVE_GNUTLS_GNUTLS_H)
 	set(CMAKE_REQUIRED_LIBRARIES "${GNUTLS_LIBRARIES}")
 	set(CMAKE_REQUIRED_INCLUDES "${GNUTLS_INCLUDE_DIR}")
@@ -746,13 +748,17 @@ if(HAVE_GNUTLS_GNUTLS_H)
             "int gnutls_fingerprint (gnutls_digest_algorithm_t algo, const gnutls_datum_t * data, void *result, size_t * result_size)" "0" "stdlib.h;gnutls/gnutls.h" 
             HAVE_DECL_GNUTLS_FINGERPRINT)
 endif(HAVE_GNUTLS_GNUTLS_H)
+
 if(HAVE_MD5_OPENSSL)
 	set(HAVE_DECL_MD5 1)
-else(HAVE_MD5_OPENSSL)
-	message(AUTHOR_WARNING 
-        "ZoneMinder requires a working MD5 function for hashed authenication but 
-        none were found - hashed authenication will not be available")
 endif(HAVE_MD5_OPENSSL)
+
+if((NOT HAVE_MD5_OPENSSL) AND (NOT HAVE_DECL_GNUTLS_FINGERPRINT))
+	message(AUTHOR_WARNING 
+        "ZoneMinder requires a working MD5 function for hashed authentication but 
+        none were found - hashed authentication will not be available")
+endif((NOT HAVE_MD5_OPENSSL) AND (NOT HAVE_DECL_GNUTLS_FINGERPRINT))
+
 # Dirty fix for zm_user only using openssl's md5 if gnutls and gcrypt are not available.
 # This needs to be fixed in zm_user.[h,cpp] but such fix will also require changes to configure.ac
 if(HAVE_LIBCRYPTO AND HAVE_OPENSSL_MD5_H AND HAVE_MD5_OPENSSL)

From 2827ba38cdf846fc9cb018c28f81dac8517a5ed1 Mon Sep 17 00:00:00 2001
From: Isaac Connor <isaac@zoneminder.com>
Date: Sun, 5 Apr 2020 13:41:03 -0400
Subject: [PATCH 2/4] use snprintf instead of sprintf.  Fix putting a \0
 terminator

---
 src/zm_user.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/zm_user.cpp b/src/zm_user.cpp
index 1c0eb6d51..8e443075a 100644
--- a/src/zm_user.cpp
+++ b/src/zm_user.cpp
@@ -294,10 +294,10 @@ User *zmLoadAuthUser( const char *auth, bool use_remote_addr ) {
       gnutls_datum_t md5data = { (unsigned char *)auth_key, strlen(auth_key) };
       gnutls_fingerprint( GNUTLS_DIG_MD5, &md5data, md5sum, &md5len );
 #endif
-      auth_md5[0] = '\0';
       for ( unsigned int j = 0; j < md5len; j++ ) {
-        sprintf( &auth_md5[2*j], "%02x", md5sum[j] );
+        snprintf(&auth_md5[2*j], 2, "%02x", md5sum[j]);
       }
+      auth_md5[md5len*2+1] = '\0';
       Debug( 1, "Checking auth_key '%s' -> auth_md5 '%s' == '%s'", auth_key, auth_md5, auth );
 
       if ( !strcmp( auth, auth_md5 ) ) {

From 98e93557239fd0af207046a010f3a7cef7102199 Mon Sep 17 00:00:00 2001
From: Isaac Connor <isaac@zoneminder.com>
Date: Mon, 6 Apr 2020 11:21:02 -0400
Subject: [PATCH 3/4] snprintf will put the terminator in. We don't have to.

---
 src/zm_user.cpp | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/zm_user.cpp b/src/zm_user.cpp
index 8e443075a..57602a04c 100644
--- a/src/zm_user.cpp
+++ b/src/zm_user.cpp
@@ -297,7 +297,6 @@ User *zmLoadAuthUser( const char *auth, bool use_remote_addr ) {
       for ( unsigned int j = 0; j < md5len; j++ ) {
         snprintf(&auth_md5[2*j], 2, "%02x", md5sum[j]);
       }
-      auth_md5[md5len*2+1] = '\0';
       Debug( 1, "Checking auth_key '%s' -> auth_md5 '%s' == '%s'", auth_key, auth_md5, auth );
 
       if ( !strcmp( auth, auth_md5 ) ) {

From 8193e4ea4ebce29515da6d9391452fc35ae157a9 Mon Sep 17 00:00:00 2001
From: Isaac Connor <isaac@zoneminder.com>
Date: Mon, 6 Apr 2020 11:46:14 -0400
Subject: [PATCH 4/4] replace snprintf with hex table lookup for speed

---
 src/zm_user.cpp | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/zm_user.cpp b/src/zm_user.cpp
index baa823966..3aa9a7b99 100644
--- a/src/zm_user.cpp
+++ b/src/zm_user.cpp
@@ -265,6 +265,7 @@ User *zmLoadAuthUser(const char *auth, bool use_remote_addr) {
     return 0;
   }
 
+  const char * hex = "0123456789abcdef";
   while ( MYSQL_ROW dbrow = mysql_fetch_row(result) ) {
     const char *user = dbrow[1];
     const char *pass = dbrow[2];
@@ -303,9 +304,15 @@ User *zmLoadAuthUser(const char *auth, bool use_remote_addr) {
       gnutls_datum_t md5data = { (unsigned char *)auth_key, strlen(auth_key) };
       gnutls_fingerprint(GNUTLS_DIG_MD5, &md5data, md5sum, &md5len);
 #endif
+      unsigned char *md5sum_ptr = md5sum;
+      char *auth_md5_ptr = auth_md5;
+
       for ( unsigned int j = 0; j < md5len; j++ ) {
-        snprintf(&auth_md5[2*j], 2, "%02x", md5sum[j]);
+        *auth_md5_ptr++ = hex[(*md5sum_ptr>>4)&0xf];
+        *auth_md5_ptr++ = hex[(*md5sum_ptr++)&0xf];
       }
+      *auth_md5_ptr = 0;
+
       Debug(1, "Checking auth_key '%s' -> auth_md5 '%s' == '%s'",
           auth_key, auth_md5, auth);