> + realm = opaque = nonce = qop = NULL; > + algorithm = "MD5";
Don't do that.
1. 'algorithm' will be xfreed later
2. this forces an 'algorithm="MD5"' parameter even if it wasn't given before
Instead use:
if (algorithm != NULL && ! strcmp (algorithm, "MD5-sess"))
The function does not free values allocated by strdupdelim () when returning.
That seems to be something that has never been done.
I hope I am not too late ;-)
Regards, Tim
On Friday, 12 July 2013, Giuseppe Scrivano wrote:
> Tim Rühsen <[email protected]> writes:
>
> > we need a check in http.c:3759:
> > if (algorithm != NULL && ! strcmp (algorithm, "MD5-sess"))
> >
> > else we strcmp() with algorithm being NULL.
> >
> > That should do it.
>
> I think the fix should be:
>
> diff --git a/src/http.c b/src/http.c
> index a693355..9f274dc 100644
> --- a/src/http.c
> +++ b/src/http.c
> @@ -3703,7 +3703,8 @@ digest_authentication_encode (const char *au, const
char *user,
> param_token name, value;
>
>
> - realm = opaque = nonce = qop = algorithm = NULL;
> + realm = opaque = nonce = qop = NULL;
> + algorithm = "MD5";
>
> au += 6; /* skip over `Digest' */
> while (extract_param (&au, &name, &value, ','))
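Review bot: the added line algorithm = "MD5"; stores a string literal in a pointer that, as the reply above points out, is xfreed later, so a challenge without an algorithm parameter would end up freeing static storage. Keep algorithm in the NULL initialisation chain and guard the comparison instead, e.g. if (algorithm != NULL && ! strcmp (algorithm, "MD5-sess")); that also avoids sending an algorithm parameter the server never offered.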
> @@ -3785,7 +3786,7 @@ digest_authentication_encode (const char *au, const
char *user,
> md5_finish_ctx (&ctx, hash);
> dump_hash (a2buf, hash);
>
> - if (!strcmp(qop, "auth") || !strcmp (qop, "auth-int"))
> + if (qop && (!strcmp(qop, "auth") || !strcmp (qop, "auth-int")))
> {
> /* RFC 2617 Digest Access Authentication */
> /* generate random hex string */
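Review bot: style point on the added qop line: the first call is written strcmp(qop, "auth") while the second call on the same line, and the later hunk, use strcmp (qop, ...) with a space before the parenthesis. Since the line is being changed anyway, write !strcmp (qop, "auth") here so both hunks match.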
> @@ -3835,7 +3836,7 @@ digest_authentication_encode (const char *au, const
char *user,
>
> res = xmalloc (res_size);
>
> - if (!strcmp(qop,"auth"))
> + if (qop && !strcmp (qop, "auth"))
> {
> res_len = snprintf (res, res_size, "Digest "\
> "username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\",
response=\"%s\""\
>
>
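Review bot: the guard added here, qop && !strcmp (qop, "auth"), accepts only "auth", while the condition in the previous hunk also accepts "auth-int", so an "auth-int" challenge passes the earlier test and then takes the other branch at this point. If that is intended, a short comment saying so would help; otherwise the two conditions should agree. Computing the qop test once into a local flag would also remove the repeated NULL check.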
> Any complain?
>
> Cheers,
> Giuseppe
>
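The pattern discussed in this thread, as an added stand-alone example that is not wget code: optional challenge fields stay NULL when absent, every comparison is NULL-guarded, and all heap copies are freed on the single return path. The struct, function names, flag values and the "missing nonce is rejected" rule are assumptions made for the illustration.

```c
#include <stdlib.h>
#include <string.h>
#define USE_QOP  1  /* qop is "auth" or "auth-int" */
#define MD5_SESS 2  /* algorithm is "MD5-sess" */

/* Hypothetical container for challenge fields; NULL means "not sent". */
struct digest_params { char *realm, *nonce, *qop, *algorithm; };

/* Heap-copy [b, e), in the spirit of the strdupdelim () named in the thread. */
static char *dup_range (const char *b, const char *e)
{
  size_t n = (size_t) (e - b);
  char *s = malloc (n + 1);
  if (s) { memcpy (s, b, n); s[n] = '\0'; }
  return s;
}

/* Minimal parser for comma-separated name="value" pairs (no escapes). */
static void parse_challenge (const char *au, struct digest_params *p)
{
  static const char *names[] = { "realm", "nonce", "qop", "algorithm" };
  char **slots[] = { &p->realm, &p->nonce, &p->qop, &p->algorithm };
  memset (p, 0, sizeof *p);
  while (*au)
    {
      const char *eq = strchr (au, '=');
      const char *end = (eq && eq[1] == '"') ? strchr (eq + 2, '"') : NULL;
      if (!end) break;
      size_t n = (size_t) (eq - au);
      for (int i = 0; i < 4; i++)
        if (strlen (names[i]) == n && !strncmp (au, names[i], n))
          { free (*slots[i]); *slots[i] = dup_range (eq + 2, end); }
      au = end + 1;
      while (*au == ',' || *au == ' ') au++;
    }
}

/* Returns a flag mask, or -1 if nonce is missing (assumed policy). */
int classify_challenge (const char *au)
{
  struct digest_params p;
  parse_challenge (au, &p);
  int rc = p.nonce ? 0 : -1;
  if (rc == 0 && p.qop && (!strcmp (p.qop, "auth") || !strcmp (p.qop, "auth-int")))
    rc |= USE_QOP;
  if (rc >= 0 && p.algorithm != NULL && !strcmp (p.algorithm, "MD5-sess"))
    rc |= MD5_SESS;
  /* Single exit: absent fields are NULL and free (NULL) is a no-op. */
  free (p.realm); free (p.nonce); free (p.qop); free (p.algorithm);
  return rc;
}
```

Because no field ever points at a string literal, the cleanup line is safe for any combination of present and absent parameters.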
