Re: [Bug-wget] [Bug--Wget] Issue with RFC 2067 Digest Headers

Fri, 12 Jul 2013 14:42:02 -0700 

Tim Rühsen <[email protected]> writes:

>> +  realm = opaque = nonce = qop = NULL;
>> +  algorithm = "MD5";
>
> Don't do that.
> 1. 'algorithm' will be xfreed later
> 2. this forces a 'algorithm="MD5" parameter even if it wasn't given before
> Instead use:
>      if (algorithm != NULL && ! strcmp (algorithm, "MD5-sess"))
>
> The function does not free values allocated by strdupdelim () when returning.
> That seems to be something that has never been done.
>
> I hope, I am not too late ;-)

ops, sorry, I merged too quickly.  I want to change the behaviour, if
the algorithm is not specified then assume MD5.  This is different than
before as we assumed it is always specified, and it is incorrect as
Darshit pointed out with his example which is compliant with the RFC.

Something against this, I wait for your ACK this time :-)

diff --git a/src/http.c b/src/http.c
index 9f274dc..3af7009 100644
--- a/src/http.c
+++ b/src/http.c
@@ -3703,8 +3703,7 @@ digest_authentication_encode (const char *au, const char 
*user,
   param_token name, value;
 
 
-  realm = opaque = nonce = qop = NULL;
-  algorithm = "MD5";
+  realm = opaque = nonce = algorithm = qop = NULL;
 
   au += 6;                      /* skip over `Digest' */
   while (extract_param (&au, &name, &value, ','))
@@ -3743,6 +3742,9 @@ digest_authentication_encode (const char *au, const char 
*user,
       return NULL;
     }
 
+  if (algorithm == NULL)
+    algorithm = xstrdup ("MD5");
+
   /* Calculate the digest value.  */
   {
     struct md5_ctx ctx;
@@ -3829,7 +3831,7 @@ digest_authentication_encode (const char *au, const char 
*user,
              + strlen (path)
              + 2 * MD5_DIGEST_SIZE /*strlen (response_digest)*/
              + (opaque ? strlen (opaque) : 0)
-             + (algorithm ? strlen (algorithm) : 0)
+             + strlen (algorithm)
              + (qop ? 128: 0)
              + strlen (cnonce)
              + 128;
@@ -3856,11 +3858,15 @@ digest_authentication_encode (const char *au, const 
char *user,
         res_len += snprintf(res + res_len, res_size - res_len, ", 
opaque=\"%s\"", opaque);
       }
 
-    if (algorithm)
-      {
-        snprintf(res + res_len, res_size - res_len, ", algorithm=\"%s\"", 
algorithm);
-      }
+    snprintf(res + res_len, res_size - res_len, ", algorithm=\"%s\"", 
algorithm);
   }
+
+  xfree_null (realm);
+  xfree_null (opaque);
+  xfree_null (nonce);
+  xfree_null (qop);
+  xfree_null (algorithm);
+
   return res;
 }
 #endif /* ENABLE_DIGEST */

Reply via email to