> + realm = opaque = nonce = qop = NULL; > + algorithm = "MD5";
Don't do that. 1. 'algorithm' will be xfreed later 2. this forces a 'algorithm="MD5" parameter even if it wasn't given before Instead use: if (algorithm != NULL && ! strcmp (algorithm, "MD5-sess")) The function does not free values allocated by strdupdelim () when returning. That seems to be something that has never been done. I hope, I am not too late ;-) Regards, Tim Am Freitag, 12. Juli 2013 schrieb Giuseppe Scrivano: > Tim Rühsen <tim.rueh...@gmx.de> writes: > > > we need a check in http.c:3759: > > if (algorithm != NULL && ! strcmp (algorithm, "MD5-sess")) > > > > else we strcmp() with algorithm being NULL. > > > > That should do it. > > I think the fix should be: > > diff --git a/src/http.c b/src/http.c > index a693355..9f274dc 100644 > --- a/src/http.c > +++ b/src/http.c > @@ -3703,7 +3703,8 @@ digest_authentication_encode (const char *au, const char *user, > param_token name, value; > > > - realm = opaque = nonce = qop = algorithm = NULL; > + realm = opaque = nonce = qop = NULL; > + algorithm = "MD5"; > > au += 6; /* skip over `Digest' */ > while (extract_param (&au, &name, &value, ',')) > @@ -3785,7 +3786,7 @@ digest_authentication_encode (const char *au, const char *user, > md5_finish_ctx (&ctx, hash); > dump_hash (a2buf, hash); > > - if (!strcmp(qop, "auth") || !strcmp (qop, "auth-int")) > + if (qop && (!strcmp(qop, "auth") || !strcmp (qop, "auth-int"))) > { > /* RFC 2617 Digest Access Authentication */ > /* generate random hex string */ > @@ -3835,7 +3836,7 @@ digest_authentication_encode (const char *au, const char *user, > > res = xmalloc (res_size); > > - if (!strcmp(qop,"auth")) > + if (qop && !strcmp (qop, "auth")) > { > res_len = snprintf (res, res_size, "Digest "\ > "username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", response=\"%s\""\ > > > Any complain? > > Cheers, > Giuseppe >
signature.asc
Description: This is a digitally signed message part.