+2013-07-13 Giuseppe Scrivano <gscrivano@gnu.org>
+
+ * http.c (digest_authentication_encode): Fix a crash when the algorithm
+ is not specified in the server response. Free dynamic memory used by
+ the function when the function exits.
+ Reported by: Tim Ruehsen <tim.ruehsen@gmx.de>.
+
2013-07-13 Steven M. Schweda <sms@antinode.info>
* warc.c (warc_tempfile): Fix a portability issue on VMS.
param_token name, value;
- realm = opaque = nonce = qop = NULL;
- algorithm = "MD5";
+ realm = opaque = nonce = algorithm = qop = NULL;
au += 6; /* skip over `Digest' */
while (extract_param (&au, &name, &value, ','))
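Review bot: A challenge that repeats a parameter could still leak memory in this `extract_param` loop, because the frees this commit adds at function exit release only the last pointer stored in `realm`, `opaque`, `nonce`, `algorithm` and `qop`. The loop body is outside the hunk, so this is an assumption: if it stores a fresh heap copy on every name match, the earlier copy is lost when the same parameter arrives twice. I would release the previous value before storing the new one, or treat a duplicated parameter as a malformed challenge and return NULL, since the header content is entirely server-controlled.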
dump_hash (a1buf, hash);
- if (! strcmp (algorithm, "MD5-sess"))
+ if (algorithm && !strcmp (algorithm, "MD5-sess"))
{
/* A1BUF = H( H(user ":" realm ":" password) ":" nonce ":" cnonce ) */
snprintf (cnonce, sizeof (cnonce), "%08x", random_number(INT_MAX));
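Review bot: The new test `if (algorithm && !strcmp (algorithm, "MD5-sess"))` sends every other server-supplied algorithm value down the plain-MD5 path, yet the later context line that formats `", algorithm=\"%s\""` echoes that same string back in the response header. Unless code outside this hunk already rejects it, an unsupported token would be advertised while the digest is computed as MD5; validating the token right after parsing and failing the authentication for anything other than `MD5` or `MD5-sess` would keep the two in step. Separately, the cnonce on the last context line comes from `random_number(INT_MAX)`; if that helper is not a cryptographic generator (its definition is not shown here), the client nonce is predictable and a stronger source should be used. The enclosing function begins and ends outside this hunk.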
snprintf(res + res_len, res_size - res_len, ", algorithm=\"%s\"", algorithm);
}
}
+
+ xfree_null (realm);
+ xfree_null (opaque);
+ xfree_null (nonce);
+ xfree_null (qop);
+ xfree_null (algorithm);
+
return res;
}
#endif /* ENABLE_DIGEST */
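Review bot: The five `xfree_null` calls sit only in front of the final `return res;`, so any earlier exit from `digest_authentication_encode` would still leak the parsed strings; none is visible here because the function starts above this hunk, but a single cleanup label that every exit jumps to would cover them. `xfree_null (algorithm)` is also safe only because the `"MD5"` literal default was removed in the first http.c hunk, and nothing in the code records that invariant. I would add a comment above the frees such as `/* realm, opaque, nonce, qop and algorithm are heap copies made while parsing the challenge; never point them at a string literal. */`. The `snprintf` that formats `algorithm` with `%s` at the top of this hunk needs a non-NULL guard now that the default is NULL; the opening of its enclosing block is outside the hunk, so confirm it is `if (algorithm)`.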