Fix HTTP Digest authentication when the algorithm is not specified

diff --git a/src/ChangeLog b/src/ChangeLog
index 0d3b505bfddb0fc56d98a6849bffafbde207c8be..e11af614aa65dcc039dde1a52148d5c20e90ed27 100644 (file)
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2013-07-12  Giuseppe Scrivano  <gscrivano@gnu.org>
+
+       * http.c (digest_authentication_encode): Set default value of
+       `algorithm' to "MD5".  Check if `qop' is not-NULL before access it.
+
 2013-07-11  Karsten Hopp  <karsten@redhat.com>
 
        * openssl.c (struct openssl_read_args, struct scwt_context): New struct.

diff --git a/src/http.c b/src/http.c
index a693355123f8b59ce7e20575954f326ce4896429..9f274dc618abc8c65acbfe2e001206acf7ff7c54 100644 (file)
--- a/src/http.c
+++ b/src/http.c
@@ -3703,7 +3703,8 @@ digest_authentication_encode (const char *au, const char *user,
   param_token name, value;
 
 
-  realm = opaque = nonce = qop = algorithm = NULL;
+  realm = opaque = nonce = qop = NULL;
+  algorithm = "MD5";
 
   au += 6;                      /* skip over `Digest' */
   while (extract_param (&au, &name, &value, ','))
@@ -3785,7 +3786,7 @@ digest_authentication_encode (const char *au, const char *user,
     md5_finish_ctx (&ctx, hash);
     dump_hash (a2buf, hash);
 
-    if (!strcmp(qop, "auth") || !strcmp (qop, "auth-int"))
+    if (qop && (!strcmp(qop, "auth") || !strcmp (qop, "auth-int")))
       {
         /* RFC 2617 Digest Access Authentication */
         /* generate random hex string */
@@ -3835,7 +3836,7 @@ digest_authentication_encode (const char *au, const char *user,
 
     res = xmalloc (res_size);
 
-    if (!strcmp(qop,"auth"))
+    if (qop && !strcmp (qop, "auth"))
       {
         res_len = snprintf (res, res_size, "Digest "\
                 "username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", response=\"%s\""\