From 1b9d311b5ce7709a41558b3973c407ffef4a9848 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 25 Sep 2008 14:09:22 +0000 Subject: [PATCH] - Fixed the HTTP Digest auth code to not behave badly when getting a blank realm with realm="". http://curl.haxx.se/bug/view.cgi?id=2126435 --- CHANGES | 4 ++++ RELEASE-NOTES | 1 + lib/http_digest.c | 6 ++++++ 3 files changed, 11 insertions(+) diff --git a/CHANGES b/CHANGES index 82ac6a1a6..f53007fe2 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,10 @@ Changelog +Daniel Stenberg (25 Sep 2008) +- Fixed the HTTP Digest auth code to not behave badly when getting a blank realm + with realm="". http://curl.haxx.se/bug/view.cgi?id=2126435 + Daniel Fandrich (23 Sep 2008) - Make sure not to dereference the wrong UrlState proto union member when switching from one protocol to another in a single request (e.g. diff --git a/RELEASE-NOTES b/RELEASE-NOTES index a90bd2e32..5beced6fd 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -27,6 +27,7 @@ This release includes the following bugfixes: o SFTP over SOCKS crash fixed o thread-safety issues addressed for NSS-powered libcurls o removed the use of mktime() and gmtime(_r)() in date parsing and conversions + o HTTP Digest with a blank realm did wrong This release includes the following known bugs: diff --git a/lib/http_digest.c b/lib/http_digest.c index 81e8612a7..0d92652a0 100644 --- a/lib/http_digest.c +++ b/lib/http_digest.c @@ -104,6 +104,12 @@ CURLdigest Curl_input_digest(struct connectdata *conn, include the possibly trailing comma, newline or carriage return */ (2 == sscanf(header, "%255[^=]=%1023[^\r\n,]", value, content)) ) { + if(!strcmp("\"\"", content)) { + /* for the name="" case where we get only the "" in the content variable, + * simply clear the content then + */ + content[0]=0; + } if(strequal(value, "nonce")) { d->nonce = strdup(content); if(!d->nonce)