[mod_auth] fix invalid read in digest qop=auth-int handling (fixes #2478)

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2877 152afb58-edef-0310-8abb-c4023f1b3aa9
Stefan Bühler 2013-06-29 09:45:27 +00:00
parent 3caf47ecd9
commit c008fd7ec8
2 changed files with 14 additions and 1 deletions

NEWS

@ -16,6 +16,7 @@ NEWS
* fix some bugs found with canalyze (fixes #2484, thx Zhenbo Xu)
* fix undefined stuff found with clang
* [cmake] Use TARGET_LINK_LIBRARIES instead of LINK_FLAGS for library dependencies, also add -Wl,--as-needed to extra warnings (fixes #2448)
* [mod_auth] fix invalid read in digest qop=auth-int handling (fixes #2478)
- 1.4.32 - 2012-11-21
* Code cleanup with clang/sparse (fixes #2437, thx kibi)


@ -934,6 +934,7 @@ typedef struct {
char **ptr;
} digest_kv;
/* return values: -1: error/bad request, 0: failed, 1: success */
int http_auth_digest_check(server *srv, connection *con, mod_auth_plugin_data *p, array *req, buffer *url, const char *realm_str) {
char a1[256];
char a2[256];
@ -1071,6 +1072,14 @@ int http_auth_digest_check(server *srv, connection *con, mod_auth_plugin_data *p
return -1;
}
if (qop && strcasecmp(qop, "auth-int") == 0) {
log_error_write(srv, __FILE__, __LINE__, "s",
"digest: qop=auth-int not supported");
buffer_free(b);
return -1;
}
m = get_http_method_name(con->request.http_method);
/* password-string == HA1 */
@ -1131,10 +1140,13 @@ int http_auth_digest_check(server *srv, connection *con, mod_auth_plugin_data *p
li_MD5_Update(&Md5Ctx, (unsigned char *)m, strlen(m));
li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
li_MD5_Update(&Md5Ctx, (unsigned char *)uri, strlen(uri));
/* qop=auth-int not supported, already checked above */
/*
if (qop && strcasecmp(qop, "auth-int") == 0) {
li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
li_MD5_Update(&Md5Ctx, (unsigned char *)"", HASHHEXLEN);
li_MD5_Update(&Md5Ctx, (unsigned char *) [body checksum], HASHHEXLEN);
}
*/
li_MD5_Final(HA2, &Md5Ctx);
CvtHex(HA2, HA2Hex);
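Review bot: The commented-out block after the uri update in the third hunk still carries the exact call behind the invalid read this commit fixes, `li_MD5_Update(&Md5Ctx, (unsigned char *)"", HASHHEXLEN);`, which feeds HASHHEXLEN bytes from a one-byte string literal, so leaving it as dead code invites it to be uncommented unchanged when auth-int support is revisited. Because a qop=auth-int request is now rejected earlier in http_auth_digest_check (second hunk), the block does nothing at runtime; I would drop the six commented lines and keep a single pointer to what a real implementation needs, e.g. `/* qop=auth-int is rejected above; supporting it means appending ":" + H(entity-body) as HASHHEXLEN hex chars here (RFC 2617 §3.2.2.3) */`. If the sketch is intentionally kept, at least make the `""` line use the same `[body checksum]` placeholder as the line below it so the bogus length is not preserved verbatim. The body of http_auth_digest_check starts in the first hunk and continues past the end of this section.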