Henrik Nordstrom wrote:
First drop of improved digest auth parser.
Focused on the parser & input validation, but as you can see there is
further room for improvement by moving more processing over to String.
The state of the old parser was rather scary.. not even comparing field
names correctly and several other ugly things...
Comments are very welcome while I validate the parser changes. Expect to
submit this for merge in a day or two.
A note of warning: This changes the quoted-string parser to actually
parse quoted-string.. which impacts the Surrogate-Control parser. If
that uses the parsed value to construct a new header then we also need
to make sure to properly produce quoted-string as the value is now
normalized as a token (quotes & escapes removed) where it before just
har the quotes removed.
Regards
Henrik
Logic looks okay at face value.
Hope it pans out in the testing. :)
This debugs seems to have incorrect output for the test being done:
+ /* check cnonce */
+ if (!digest_request->cnonce || digest_request->cnonce[0] == '\0') {
+ debugs(29, 2, "authenticateDigestDecode: Missing URI field");
Amos
--
Please be using
Current Stable Squid 2.7.STABLE7 or 3.0.STABLE24
Current Beta Squid 3.1.0.17
