1
0
mirror of https://github.com/moparisthebest/wget synced 2024-07-03 16:38:41 -04:00

Fix HTTP Digest authentication when the algorithm is not specified

This commit is contained in:
Giuseppe Scrivano 2013-07-12 19:07:22 +02:00
parent b8f036d16c
commit e9cc8b2f7c
2 changed files with 9 additions and 3 deletions

View File

@ -1,3 +1,8 @@
2013-07-12 Giuseppe Scrivano <gscrivano@gnu.org>
* http.c (digest_authentication_encode): Set default value of
`algorithm' to "MD5". Check if `qop' is not-NULL before access it.
2013-07-11 Karsten Hopp <karsten@redhat.com> 2013-07-11 Karsten Hopp <karsten@redhat.com>
* openssl.c (struct openssl_read_args, struct scwt_context): New struct. * openssl.c (struct openssl_read_args, struct scwt_context): New struct.

View File

@ -3703,7 +3703,8 @@ digest_authentication_encode (const char *au, const char *user,
param_token name, value; param_token name, value;
realm = opaque = nonce = qop = algorithm = NULL; realm = opaque = nonce = qop = NULL;
algorithm = "MD5";
au += 6; /* skip over `Digest' */ au += 6; /* skip over `Digest' */
while (extract_param (&au, &name, &value, ',')) while (extract_param (&au, &name, &value, ','))
@ -3785,7 +3786,7 @@ digest_authentication_encode (const char *au, const char *user,
md5_finish_ctx (&ctx, hash); md5_finish_ctx (&ctx, hash);
dump_hash (a2buf, hash); dump_hash (a2buf, hash);
if (!strcmp(qop, "auth") || !strcmp (qop, "auth-int")) if (qop && (!strcmp(qop, "auth") || !strcmp (qop, "auth-int")))
{ {
/* RFC 2617 Digest Access Authentication */ /* RFC 2617 Digest Access Authentication */
/* generate random hex string */ /* generate random hex string */
@ -3835,7 +3836,7 @@ digest_authentication_encode (const char *au, const char *user,
res = xmalloc (res_size); res = xmalloc (res_size);
if (!strcmp(qop,"auth")) if (qop && !strcmp (qop, "auth"))
{ {
res_len = snprintf (res, res_size, "Digest "\ res_len = snprintf (res, res_size, "Digest "\
"username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", response=\"%s\""\ "username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", response=\"%s\""\