[mod_auth] fix invalid read in digest qop=auth-int handling (fixes #2478)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2877 152afb58-edef-0310-8abb-c4023f1b3aa9
parent
3caf47ecd9
commit
c008fd7ec8
1
NEWS
1
NEWS
|
@ -16,6 +16,7 @@ NEWS
|
|||
* fix some bugs found with canalyze (fixes #2484, thx Zhenbo Xu)
|
||||
* fix undefined stuff found with clang
|
||||
* [cmake] Use TARGET_LINK_LIBRARIES instead of LINK_FLAGS for library dependencies, also add -Wl,--as-needed to extra warnings (fixes #2448)
|
||||
* [mod_auth] fix invalid read in digest qop=auth-int handling (fixes #2478)
|
||||
|
||||
- 1.4.32 - 2012-11-21
|
||||
* Code cleanup with clang/sparse (fixes #2437, thx kibi)
|
||||
|
|
|
@ -934,6 +934,7 @@ typedef struct {
|
|||
char **ptr;
|
||||
} digest_kv;
|
||||
|
||||
/* return values: -1: error/bad request, 0: failed, 1: success */
|
||||
int http_auth_digest_check(server *srv, connection *con, mod_auth_plugin_data *p, array *req, buffer *url, const char *realm_str) {
|
||||
char a1[256];
|
||||
char a2[256];
|
||||
|
@ -1071,6 +1072,14 @@ int http_auth_digest_check(server *srv, connection *con, mod_auth_plugin_data *p
|
|||
return -1;
|
||||
}
|
||||
|
||||
if (qop && strcasecmp(qop, "auth-int") == 0) {
|
||||
log_error_write(srv, __FILE__, __LINE__, "s",
|
||||
"digest: qop=auth-int not supported");
|
||||
|
||||
buffer_free(b);
|
||||
return -1;
|
||||
}
|
||||
|
||||
m = get_http_method_name(con->request.http_method);
|
||||
|
||||
/* password-string == HA1 */
|
||||
|
@ -1131,10 +1140,13 @@ int http_auth_digest_check(server *srv, connection *con, mod_auth_plugin_data *p
|
|||
li_MD5_Update(&Md5Ctx, (unsigned char *)m, strlen(m));
|
||||
li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
|
||||
li_MD5_Update(&Md5Ctx, (unsigned char *)uri, strlen(uri));
|
||||
/* qop=auth-int not supported, already checked above */
|
||||
/*
|
||||
if (qop && strcasecmp(qop, "auth-int") == 0) {
|
||||
li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
|
||||
li_MD5_Update(&Md5Ctx, (unsigned char *)"", HASHHEXLEN);
|
||||
li_MD5_Update(&Md5Ctx, (unsigned char *) [body checksum], HASHHEXLEN);
|
||||
}
|
||||
*/
|
||||
li_MD5_Final(HA2, &Md5Ctx);
|
||||
CvtHex(HA2, HA2Hex);
|
||||
|
||||
|
|
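Review bot: The guard shown in the second hunk (`if (qop && strcasecmp(qop, "auth-int") == 0)`) rejects only that one value, so any other unexpected qop token sent by a client still reaches the HA2/response computation further down. An allowlist would be the tighter check, for example `if (qop && *qop && strcasecmp(qop, "auth") != 0) {` with the log text changed to `"digest: unsupported qop"`. Whether an absent or empty qop has to keep working depends on code outside the visible hunks, so confirm that before adopting it. The block left commented out just before `li_MD5_Final` contains the non-compiling placeholder `[body checksum]`; a single comment such as `/* qop=auth-int would also hash the entity body here; rejected earlier */` would say the same without keeping dead code. http_auth_digest_check starts and ends outside these hunks.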