moparisthebest/wget
1
0
Fork 0
mirror of https://github.com/moparisthebest/wget synced 2024-07-03 16:38:41 -04:00
Code Issues Releases Wiki Activity

Fix HTTP Digest authentication when the algorithm is not specified

Browse Source
This commit is contained in:
Giuseppe Scrivano 2013-07-12 19:07:22 +02:00
parent b8f036d16c
commit e9cc8b2f7c
2 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/ChangeLog
View File

@ -1,3 +1,8 @@
2013-07-12 Giuseppe Scrivano <gscrivano@gnu.org>
* http.c (digest_authentication_encode): Set default value of
`algorithm' to "MD5". Check if `qop' is not-NULL before access it.
2013-07-11 Karsten Hopp <karsten@redhat.com>
* openssl.c (struct openssl_read_args, struct scwt_context): New struct.

7
src/http.c
View File

@ -3703,7 +3703,8 @@ digest_authentication_encode (const char *au, const char *user,
param_token name, value;
realm = opaque = nonce = qop = algorithm = NULL;
realm = opaque = nonce = qop = NULL;
algorithm = "MD5";
au += 6; /* skip over `Digest' */
while (extract_param (&au, &name, &value, ','))
@ -3785,7 +3786,7 @@ digest_authentication_encode (const char *au, const char *user,
md5_finish_ctx (&ctx, hash);
dump_hash (a2buf, hash);
if (!strcmp(qop, "auth") || !strcmp (qop, "auth-int"))
if (qop && (!strcmp(qop, "auth") || !strcmp (qop, "auth-int")))
{
/* RFC 2617 Digest Access Authentication */
/* generate random hex string */
@ -3835,7 +3836,7 @@ digest_authentication_encode (const char *au, const char *user,
res = xmalloc (res_size);
if (!strcmp(qop,"auth"))
if (qop && !strcmp (qop, "auth"))
{
res_len = snprintf (res, res_size, "Digest "\
"username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", response=\"%s\""\