I found that using LWP::Authen::Digest with an incorrect password causes
infinite recursion. This is because the auth string changes each time as the
nonce changes. Patch follows. It can be applied with:
# patch -l -p0 < lwp-authen.diff
(assuming you name the attached "lwp-authen.diff")
--------
--- Authen/Digest.pm Wed Nov 28 03:35:35 2001
+++ Authen/Digest.pm.new Wed Jan 23 11:04:39 2002
@@ -70,11 +70,17 @@
my $r = $response;
while ($r) {
my $auth = $r->request->header($auth_header);
- if ($auth && $auth eq $auth_value) {
- # here we know this failed before
- $response->header("Client-Warning" =>
- "Credentials for '$user' failed before");
- return $response;
+ if ($auth) {
+ my ($thisuser, $thisrealm, $thisuri) =
+ ($auth =~ /username="(.*?)".*realm="(.*?)".*uri="(.*?)"/);
+ my ($lastuser, $lastrealm, $lasturi) =
+ ($auth_value =~ /username="(.*?)".*realm="(.*?)".*uri="(.*?)"/);
+ if ($thisuser eq $lastuser && $thisrealm eq $lastrealm && $thisuri eq
$lasturi) {
+ # here we know this failed before
+ $response->header("Client-Warning" =>
+ "Credentials for '$user' failed before");
+ return $response;
+ }
}
$r = $r->previous;
}
----
