diff --git a/src/ChangeLog b/src/ChangeLog
index 0990a8dc..0c4f3520 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,10 @@
+2013-07-13 Giuseppe Scrivano
+
+ * http.c (digest_authentication_encode): Fix a crash when the algorithm
+ is not specified in the server response. Free dynamic memory used by
+ the function when the function exits.
+ Reported by: Tim Ruehsen .
+
 2013-07-13 Steven M. Schweda
 * warc.c (warc_tempfile): Fix a portability issue on VMS.
diff --git a/src/http.c b/src/http.c
index b0c782b9..b2a03c87 100644
--- a/src/http.c
+++ b/src/http.c
@@ -3697,8 +3697,7 @@ digest_authentication_encode (const char *au, const char *user,
 param_token name, value;
- realm = opaque = nonce = qop = NULL;
- algorithm = "MD5";
+ realm = opaque = nonce = algorithm = qop = NULL;
 au += 6; /* skip over `Digest' */
 while (extract_param (&au, &name, &value, ','))
@@ -3755,7 +3754,7 @@ digest_authentication_encode (const char *au, const char *user,
 dump_hash (a1buf, hash);
- if (! strcmp (algorithm, "MD5-sess"))
+ if (algorithm && !strcmp (algorithm, "MD5-sess"))
 {
 /* A1BUF = H( H(user ":" realm ":" password) ":" nonce ":" cnonce ) */
 snprintf (cnonce, sizeof (cnonce), "%08x", random_number(INT_MAX));
@@ -3855,6 +3854,13 @@ digest_authentication_encode (const char *au, const char *user,
 snprintf(res + res_len, res_size - res_len, ", algorithm=\"%s\"", algorithm);
 }
 }
+
+ xfree_null (realm);
+ xfree_null (opaque);
+ xfree_null (nonce);
+ xfree_null (qop);
+ xfree_null (algorithm);
+
 return res;
 }
 #endif /* ENABLE_DIGEST */
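Review bot: With `algorithm` now initialised to NULL in the first http.c hunk (@@ -3697,8 +3697,7 @@), every later use in digest_authentication_encode has to tolerate a missing value, and this diff guards only the `strcmp` in the second hunk. The context line `snprintf(res + res_len, res_size - res_len, ", algorithm=\"%s\"", algorithm);` in the third hunk passes it to `%s`, which is undefined behaviour for a null pointer; the condition enclosing that call lies outside the hunk, so confirm it tests `algorithm`. A comment at the initialisation would record the convention, for example `/* algorithm stays NULL when the server sends none; the MD5-sess branch is then skipped. */`. The function starts and ends outside this hunk.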
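Review bot: The guard `if (algorithm && !strcmp (algorithm, "MD5-sess"))` in the second http.c hunk (@@ -3755,7 +3754,7 @@) makes a missing algorithm safe, but nothing visible rejects a server-supplied algorithm the client does not implement; any value other than "MD5-sess" simply falls past this branch. Unless such a check exists outside the hunk, the digest would be computed one way while the header line in the third hunk's context echoes the server's algorithm name. Consider validating right after the parameter loop with a condition such as `if (algorithm && strcmp (algorithm, "MD5") && strcmp (algorithm, "MD5-sess"))`, followed by the cleanup and `return NULL;`.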
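Review bot: The `xfree_null` calls added before `return res;` in the third http.c hunk (@@ -3855,6 +3854,13 @@) cover only the final exit, so any earlier `return` in digest_authentication_encode would still leak. The body above this hunk is not shown, so this needs checking against the full function. Such paths must now free `algorithm` as well, since it is no longer a string literal, and a leak per rejected challenge is something a hostile server can trigger repeatedly. A single `cleanup:` label placed before these calls, reached by `goto` from the error paths with `res` set to NULL, would keep the ownership rules in one place.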