From: Giuseppe Scrivano Date: Fri, 12 Jul 2013 17:07:22 +0000 (+0200) Subject: Fix HTTP Digest authentication when the algorithm is not specified X-Git-Tag: v1.15~39 X-Git-Url: http://sjero.net/git/?p=wget;a=commitdiff_plain;h=e9cc8b2f7c4678b832ad56f7119bba86a8db08ef Fix HTTP Digest authentication when the algorithm is not specified --- diff --git a/src/ChangeLog b/src/ChangeLog index 0d3b505b..e11af614 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,8 @@ +2013-07-12 Giuseppe Scrivano + + * http.c (digest_authentication_encode): Set default value of + `algorithm' to "MD5". Check if `qop' is not-NULL before access it. + 2013-07-11 Karsten Hopp * openssl.c (struct openssl_read_args, struct scwt_context): New struct. diff --git a/src/http.c b/src/http.c index a6933551..9f274dc6 100644 --- a/src/http.c +++ b/src/http.c @@ -3703,7 +3703,8 @@ digest_authentication_encode (const char *au, const char *user, param_token name, value; - realm = opaque = nonce = qop = algorithm = NULL; + realm = opaque = nonce = qop = NULL; + algorithm = "MD5"; au += 6; /* skip over `Digest' */ while (extract_param (&au, &name, &value, ',')) @@ -3785,7 +3786,7 @@ digest_authentication_encode (const char *au, const char *user, md5_finish_ctx (&ctx, hash); dump_hash (a2buf, hash); - if (!strcmp(qop, "auth") || !strcmp (qop, "auth-int")) + if (qop && (!strcmp(qop, "auth") || !strcmp (qop, "auth-int"))) { /* RFC 2617 Digest Access Authentication */ /* generate random hex string */ @@ -3835,7 +3836,7 @@ digest_authentication_encode (const char *au, const char *user, res = xmalloc (res_size); - if (!strcmp(qop,"auth")) + if (qop && !strcmp (qop, "auth")) { res_len = snprintf (res, res_size, "Digest "\ "username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", response=\"%s\""\