Browse Source

[mod_auth] Fix digest "md5-sess" implementation (Errata ID 1649, RFC 2617) (fixes #2410)

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2832 152afb58-edef-0310-8abb-c4023f1b3aa9
svn/tags/lighttpd-1.4.31
Stefan Bühler 10 years ago
parent
commit
61047369c7
  1. 1
      NEWS
  2. 4
      src/http_auth.c

1
NEWS

@ -11,6 +11,7 @@ NEWS
* buffer_caseless_compare: always convert letters to lowercase to get transitive results, fixing array lookups (fixes #2405)
* Fix handling of empty header list entries in http_request_split_value, fixing invalid read in valgrind (fixes #2413)
* Fix access log escaping of " and \\ (fixes #1551)
* [mod_auth] Fix digest "md5-sess" implementation (Errata ID 1649, RFC 2617) (fixes #2410)
- 1.4.30 - 2011-12-18
* Always use our 'own' md5 implementation, fixes linking issues on MacOS (fixes #2331)

4
src/http_auth.c

@ -1095,7 +1095,9 @@ int http_auth_digest_check(server *srv, connection *con, mod_auth_plugin_data *p
if (algorithm &&
strcasecmp(algorithm, "md5-sess") == 0) {
li_MD5_Init(&Md5Ctx);
li_MD5_Update(&Md5Ctx, (unsigned char *)HA1, 16);
/* Errata ID 1649: http://www.rfc-editor.org/errata_search.php?rfc=2617 */
CvtHex(HA1, a1);
li_MD5_Update(&Md5Ctx, (unsigned char *)a1, 32);
li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
li_MD5_Update(&Md5Ctx, (unsigned char *)nonce, strlen(nonce));
li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);

Loading…
Cancel
Save