X-Git-Url: http://sjero.net/git/?p=wget;a=blobdiff_plain;f=src%2Fhttp.c;h=919d7593b16d0005f1d4a20783e241daf386cab5;hp=58e9b14a94453ff5477b745a779be2d1411595d3;hb=dac53e8bdf8b81b9f59a47823fff191e0a629cf5;hpb=48b53471e89938fde4588bea068578ab2ae7864f

diff --git a/src/http.c b/src/http.c
index 58e9b14a..919d7593 100644
--- a/src/http.c
+++ b/src/http.c
@@ -3020,10 +3020,11 @@ digest_authentication_encode (const char *au, const char *user,
   while (extract_param (&au, &name, &value, ','))
     {
       size_t i;
+      size_t namelen = name.e - name.b;
       for (i = 0; i < countof (options); i++)
-        if ((size_t) (name.e - name.b) == strlen (options[i].name)
+        if (namelen == strlen (options[i].name)
             && 0 == strncmp (name.b, options[i].name,
-                             (size_t) (name.e - name.b)))
+                             namelen))
           {
             *options[i].variable = strdupdelim (value.b, value.e);
             break;
@@ -3103,9 +3104,10 @@ username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", response=\"%s\"",
    first argument and are followed by whitespace or terminating \0.
    The comparison is case-insensitive.  */
 #define STARTS(literal, b, e)                           \
-  (((size_t) ((e) - (b))) >= STRSIZE (literal)	\
+  ((e > b) \
+   && ((size_t) ((e) - (b))) >= STRSIZE (literal)   \
    && 0 == strncasecmp (b, literal, STRSIZE (literal))  \
-   && ((e) - (b) == STRSIZE (literal)                   \
+   && ((size_t) ((e) - (b)) == STRSIZE (literal)          \
        || c_isspace (b[STRSIZE (literal)])))
 
 static bool