[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [libmicrohttpd] Digest Authentication not working when request URI i
|
From: |
Christian Grothoff |
|
Subject: |
Re: [libmicrohttpd] Digest Authentication not working when request URI is escaped |
|
Date: |
Fri, 29 May 2015 12:25:30 +0200 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.6.0 |
Hi!
Thanks for reporting. I've extended our testcase to cover this and fixed
the issue in SVN 35838.
Please let me know if for some reason this does not work.
Happy hacking!
Christian
On 05/26/2015 02:22 PM, Andreas Wehrmann wrote:
> Hi!
>
> I'm currently messing around with digest authentication and found a
> problem (latest SVN).
>
> Digest authentication works fine iff the URI requested by the client is
> not escaped (i.e. contains no space or some other 'weird' character).
> If the request URI is escaped, the check in MHD_digest_auth_check() @
> digestauth.c:675 fails:
>
> 0 != strncmp (uri, connection->url, strlen (connection->url))
>
> giving me the error message: "Authentication failed, URI does not match".
>
> I've added a log statement to output 'uri' and 'connection->url' right
> after the check:
> printf( "%s: URI( %s ) CNX( %s )\n", __FUNCTION__, uri, connection->url );
>
> The result ist:
>
> MHD_digest_auth_check: URI( /eins%20zwo/test.html ) CNX( /eins
> zwo/test.html )
>
>
> Best regards,
> Andreas
>
>
0xE29FC3CC.asc
Description: application/pgp-keys