From e9cc8b2f7c4678b832ad56f7119bba86a8db08ef Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano
Date: Fri, 12 Jul 2013 19:07:22 +0200
Subject: [PATCH] Fix HTTP Digest authentication when the algorithm is not specified
---
 src/ChangeLog | 5 +++++
 src/http.c | 7 ++++---
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/ChangeLog b/src/ChangeLog
index 0d3b505b..e11af614 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2013-07-12 Giuseppe Scrivano
+
+ * http.c (digest_authentication_encode): Set default value of
+ `algorithm' to "MD5". Check if `qop' is not-NULL before access it.
+
 2013-07-11 Karsten Hopp
 * openssl.c (struct openssl_read_args, struct scwt_context): New struct.
diff --git a/src/http.c b/src/http.c
index a6933551..9f274dc6 100644
--- a/src/http.c
+++ b/src/http.c
@@ -3703,7 +3703,8 @@ digest_authentication_encode (const char *au, const char *user,
 param_token name, value;
- realm = opaque = nonce = qop = algorithm = NULL;
+ realm = opaque = nonce = qop = NULL;
+ algorithm = "MD5";
 au += 6; /* skip over `Digest' */
 while (extract_param (&au, &name, &value, ','))
@@ -3785,7 +3786,7 @@ digest_authentication_encode (const char *au, const char *user,
 md5_finish_ctx (&ctx, hash);
 dump_hash (a2buf, hash);
- if (!strcmp(qop, "auth") || !strcmp (qop, "auth-int"))
+ if (qop && (!strcmp(qop, "auth") || !strcmp (qop, "auth-int")))
 {
 /* RFC 2617 Digest Access Authentication */
 /* generate random hex string */
@@ -3835,7 +3836,7 @@ digest_authentication_encode (const char *au, const char *user,
 res = xmalloc (res_size);
- if (!strcmp(qop,"auth"))
+ if (qop && !strcmp (qop, "auth"))
 {
 res_len = snprintf (res, res_size, "Digest "\
 "username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", response=\"%s\""\
-- 
2.39.2
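Review bot: After the first http.c hunk, `algorithm` can hold either the string literal `"MD5"` or whatever the parse loop stores, while `realm`, `opaque`, `nonce` and `qop` still start as NULL, so the five pointers no longer share one ownership rule. The code that stores parsed values and any cleanup are outside the hunk; if parsed values are heap copies that get freed, or `algorithm` is declared as plain `char *`, the default path must be neither freed nor written through. A comment on the assignment would record why the default exists, e.g. `/* RFC 2617: a challenge that omits algorithm means MD5. */`. The function body starts before and continues after the hunk.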
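Review bot: The guarded test in the second http.c hunk still accepts `auth-int`, but the header-building test in the last hunk (`if (qop && !strcmp (qop, "auth"))`) writes the qop form only for `auth`, so an `auth-int` challenge appears to get a response computed one way and a header written another. The else branch and the A2 computation are outside the hunks, so this is inferred; if `auth-int` is not really supported, narrowing this test to `if (qop && !strcmp (qop, "auth"))` keeps the two in step. Both comparisons are exact matches, so a challenge offering a list such as `qop="auth,auth-int"` is treated as having no usable qop; a comment saying that this fallback is intended would help. The new line also keeps `strcmp(qop, "auth")` without the space that the GNU style in the last hunk uses, `strcmp (qop, "auth")`.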
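Review bot: `realm` and `nonce` are still initialised to NULL in the first http.c hunk and are interpolated with `%s` by the format string in the last hunk, so a challenge that omits either one hits the same class of NULL use this commit fixes for `qop`, unless a check outside the hunks already rejects it. If none exists, bail out before any hashing, e.g. `if (!realm || !nonce) return NULL;` (assuming the function reports failure by returning NULL, which the hunks do not show). The snprintf call continues past the end of the hunk, so its argument list and whether `res_len` is compared with `res_size` cannot be checked from here.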