[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] [Bug--Wget] Issue with RFC 2067 Digest Headers
From: |
Tim Rühsen |
Subject: |
Re: [Bug-wget] [Bug--Wget] Issue with RFC 2067 Digest Headers |
Date: |
Fri, 12 Jul 2013 19:58:16 +0200 |
User-agent: |
KMail/1.13.7 (Linux/3.9-1-amd64; KDE/4.8.4; x86_64; ; ) |
> + realm = opaque = nonce = qop = NULL;
> + algorithm = "MD5";
Don't do that.
1. 'algorithm' will be xfreed later
2. this forces a 'algorithm="MD5" parameter even if it wasn't given before
Instead use:
if (algorithm != NULL && ! strcmp (algorithm, "MD5-sess"))
The function does not free values allocated by strdupdelim () when returning.
That seems to be something that has never been done.
I hope, I am not too late ;-)
Regards, Tim
Am Freitag, 12. Juli 2013 schrieb Giuseppe Scrivano:
> Tim Rühsen <address@hidden> writes:
>
> > we need a check in http.c:3759:
> > if (algorithm != NULL && ! strcmp (algorithm, "MD5-sess"))
> >
> > else we strcmp() with algorithm being NULL.
> >
> > That should do it.
>
> I think the fix should be:
>
> diff --git a/src/http.c b/src/http.c
> index a693355..9f274dc 100644
> --- a/src/http.c
> +++ b/src/http.c
> @@ -3703,7 +3703,8 @@ digest_authentication_encode (const char *au, const
char *user,
> param_token name, value;
>
>
> - realm = opaque = nonce = qop = algorithm = NULL;
> + realm = opaque = nonce = qop = NULL;
> + algorithm = "MD5";
>
> au += 6; /* skip over `Digest' */
> while (extract_param (&au, &name, &value, ','))
> @@ -3785,7 +3786,7 @@ digest_authentication_encode (const char *au, const
char *user,
> md5_finish_ctx (&ctx, hash);
> dump_hash (a2buf, hash);
>
> - if (!strcmp(qop, "auth") || !strcmp (qop, "auth-int"))
> + if (qop && (!strcmp(qop, "auth") || !strcmp (qop, "auth-int")))
> {
> /* RFC 2617 Digest Access Authentication */
> /* generate random hex string */
> @@ -3835,7 +3836,7 @@ digest_authentication_encode (const char *au, const
char *user,
>
> res = xmalloc (res_size);
>
> - if (!strcmp(qop,"auth"))
> + if (qop && !strcmp (qop, "auth"))
> {
> res_len = snprintf (res, res_size, "Digest "\
> "username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\",
response=\"%s\""\
>
>
> Any complain?
>
> Cheers,
> Giuseppe
>
signature.asc
Description: This is a digitally signed message part.
- [Bug-wget] [Bug--Wget] Issue with RFC 2067 Digest Headers, Darshit Shah, 2013/07/12
- Re: [Bug-wget] [Bug--Wget] Issue with RFC 2067 Digest Headers, Giuseppe Scrivano, 2013/07/12
- Re: [Bug-wget] [Bug--Wget] Issue with RFC 2067 Digest Headers, Darshit Shah, 2013/07/12
- Re: [Bug-wget] [Bug--Wget] Issue with RFC 2067 Digest Headers, Tim Rühsen, 2013/07/12
- Re: [Bug-wget] [Bug--Wget] Issue with RFC 2067 Digest Headers, Giuseppe Scrivano, 2013/07/12
- Re: [Bug-wget] [Bug--Wget] Issue with RFC 2067 Digest Headers, Darshit Shah, 2013/07/12
- Re: [Bug-wget] [Bug--Wget] Issue with RFC 2067 Digest Headers, Giuseppe Scrivano, 2013/07/12
- Re: [Bug-wget] [Bug--Wget] Issue with RFC 2067 Digest Headers, Darshit Shah, 2013/07/12
- Re: [Bug-wget] [Bug--Wget] Issue with RFC 2067 Digest Headers, Giuseppe Scrivano, 2013/07/12
- Re: [Bug-wget] [Bug--Wget] Issue with RFC 2067 Digest Headers, Darshit Shah, 2013/07/12
- Re: [Bug-wget] [Bug--Wget] Issue with RFC 2067 Digest Headers,
Tim Rühsen <=
- Re: [Bug-wget] [Bug--Wget] Issue with RFC 2067 Digest Headers, Giuseppe Scrivano, 2013/07/12
- Re: [Bug-wget] [Bug--Wget] Issue with RFC 2067 Digest Headers, Tim Rühsen, 2013/07/13
- Re: [Bug-wget] [Bug--Wget] Issue with RFC 2067 Digest Headers, Darshit Shah, 2013/07/13
- Re: [Bug-wget] [Bug--Wget] Issue with RFC 2067 Digest Headers, Giuseppe Scrivano, 2013/07/13
- Re: [Bug-wget] [Bug--Wget] Issue with RFC 2067 Digest Headers, Giuseppe Scrivano, 2013/07/13
- Re: [Bug-wget] [Bug--Wget] Issue with RFC 2067 Digest Headers, Tim Rühsen, 2013/07/13
- Re: [Bug-wget] [Bug--Wget] Issue with RFC 2067 Digest Headers, Darshit Shah, 2013/07/13
- Re: [Bug-wget] [Bug--Wget] Issue with RFC 2067 Digest Headers, Tim Rühsen, 2013/07/13
- Re: [Bug-wget] [Bug--Wget] Issue with RFC 2067 Digest Headers, Darshit Shah, 2013/07/13
- Re: [Bug-wget] [Bug--Wget] Issue with RFC 2067 Digest Headers, Giuseppe Scrivano, 2013/07/13