Hi Chris,
thanks for your input. Looking into RFC 2617, it looks like not all the
fields may be not-quoted:
digest-challenge = 1#( realm | [ domain ] | nonce |
[ opaque ] |[ stale ] | [ algorithm ] |
[ qop-options ] | [auth-param] )
domain = "domain" "=" <"> URI ( 1*SP URI ) <">
URI = absoluteURI | abs_path
nonce = "nonce" "=" nonce-value
nonce-value = quoted-string
opaque = "opaque" "=" quoted-string
stale = "stale" "=" ( "true" | "false" )
algorithm = "algorithm" "=" ( "MD5" | "MD5-sess" |
token )
qop-options = "qop" "=" <"> 1#qop-value <">
qop-value = "auth" | "auth-int" | token
realm = "realm" "=" realm-value
realm-value = quoted-string
So, only stale and algorithm can not be qouted.
regards,
bogdan
Christophe Irles wrote:
Hi,
I found a parse error bug in the UAC module. It's slightly the same
bug as describe in the 1448453 bug but it concerns the parse of the
field "stale" this time.
Here is the log of openser:
4(19621) DEBUG:uac:uac_auth: picked reply is 0x816cfe8, code 407
4(19621) DEBUG:uac:get_autenticate_hdr: looking for header
"Proxy-Authenticate"
4(19621) parse_headers: flags=ffffffffffffffff
4(19621) DEBUG: get_hdr_body : content_length=0
4(19621) found end of header
4(19621) DEBUG:uac:uac_auth: header found; body=<Digest
realm="freephonie.net",nonce="028183054212a08209186424557a08f7",opaque="027fb3fb0f14a5b",stale=false,algorithm=MD5>
4(19621) DEBUG:uac:parse_authenticate_body: <realm>="freephonie.net"
state=2
4(19621) DEBUG:uac:parse_authenticate_body:
<nonce>="028183054212a08209186424557a08f7" state=3
4(19621) DEBUG:uac:parse_authenticate_body:
<opaque>="027fb3fb0f14a5b" state=6
4(19621) ERROR:uac:parse_authenticate_body: parse error in <Digest
realm="freephonie.net",nonce="028183054212a08209186424557a08f7",opaque="027fb3fb0f14a5b",stale=false,algorithm=MD5>
around 102
4(19621) ERROR:uac:uac_auth: failed to parse auth hdr body
4(19621) CONNTRACK: ct_destroy_connection():
callId=MTUzMzAxOGNmYmZjM2ZmZWYyMzY3NjMyNDk0ZDVlYTY.
4(19621) DEBUG:tm:relay_reply: branch=0, save=0, relay=0
The bug is in the file "auth_hdr.c". Some fields (realm, nonce, stale,
domain, opaque) are specifically designed to have values between
double quote. I change it to accept values with or without double
quote. In fact I made few changes since the code is already ready to
manage that, it just force the use of double quote. Perhaps some of
this fields in RFC must have double quoted value ?
Here is mypatch file to resolve my problem:
--- ./modules/uac/auth_hdr.c
+++ ./patch/modules/uac/auth_hdr.c
@@ -133,11 +133,11 @@
n = LOWER4B( GET4B(p) );
switch(n)
{
- CASE_5B( 0x7265616c, 'm', REALM_STATE,
1); /*realm*/
- CASE_5B( 0x6e6f6e63, 'e', NONCE_STATE,
1); /*nonce*/
- CASE_5B( 0x7374616c, 'e', STALE_STATE,
1); /*stale*/
- CASE_6B( 0x646f6d62, 'i', 'n',
DOMAIN_STATE, 1); /*domain*/
- CASE_6B( 0x6f706171, 'u', 'e',
OPAQUE_STATE, 1); /*opaque*/
+ CASE_5B( 0x7265616c, 'm', REALM_STATE,
0); /*realm*/
+ CASE_5B( 0x6e6f6e63, 'e', NONCE_STATE,
0); /*nonce*/
+ CASE_5B( 0x7374616c, 'e', STALE_STATE,
0); /*stale*/
+ CASE_6B( 0x646f6d62, 'i', 'n',
DOMAIN_STATE, 0); /*domain*/
+ CASE_6B( 0x6f706171, 'u', 'e',
OPAQUE_STATE, 0); /*opaque*/
case 0x616c676f: /*algo*/
if (p+9<end &&
LOWER4B(GET4B(p+4))==0x72697468
&& LOWER1B(*(p+8))=='m' )
Regards,
Christophe
------------------------------------------------------------------------
_______________________________________________
Devel mailing list
[email protected]
http://openser.org/cgi-bin/mailman/listinfo/devel
_______________________________________________
Devel mailing list
[email protected]
http://openser.org/cgi-bin/mailman/listinfo/devel
