
[mod_auth] fix invalid read in digest qop=auth-int handling (fixes #2478)

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2877 152afb58-edef-0310-8abb-c4023f1b3aa9
svn/tags/lighttpd-1.4.33
Stefan Bühler 9 years ago
parent
commit
c008fd7ec8
  1. 1
      NEWS
  2. 14
      src/http_auth.c

1
NEWS

@ -16,6 +16,7 @@ NEWS
* fix some bugs found with canalyze (fixes #2484, thx Zhenbo Xu)
* fix undefined stuff found with clang
* [cmake] Use TARGET_LINK_LIBRARIES instead of LINK_FLAGS for library dependencies, also add -Wl,--as-needed to extra warnings (fixes #2448)
* [mod_auth] fix invalid read in digest qop=auth-int handling (fixes #2478)
- 1.4.32 - 2012-11-21
* Code cleanup with clang/sparse (fixes #2437, thx kibi)

14
src/http_auth.c

@ -934,6 +934,7 @@ typedef struct {
char **ptr;
} digest_kv;
/* return values: -1: error/bad request, 0: failed, 1: success */
int http_auth_digest_check(server *srv, connection *con, mod_auth_plugin_data *p, array *req, buffer *url, const char *realm_str) {
char a1[256];
char a2[256];
@ -1071,6 +1072,14 @@ int http_auth_digest_check(server *srv, connection *con, mod_auth_plugin_data *p
return -1;
}
if (qop && strcasecmp(qop, "auth-int") == 0) {
log_error_write(srv, __FILE__, __LINE__, "s",
"digest: qop=auth-int not supported");
buffer_free(b);
return -1;
}
m = get_http_method_name(con->request.http_method);
/* password-string == HA1 */
@ -1131,10 +1140,13 @@ int http_auth_digest_check(server *srv, connection *con, mod_auth_plugin_data *p
li_MD5_Update(&Md5Ctx, (unsigned char *)m, strlen(m));
li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
li_MD5_Update(&Md5Ctx, (unsigned char *)uri, strlen(uri));
/* qop=auth-int not supported, already checked above */
/*
if (qop && strcasecmp(qop, "auth-int") == 0) {
li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
li_MD5_Update(&Md5Ctx, (unsigned char *)"", HASHHEXLEN);
li_MD5_Update(&Md5Ctx, (unsigned char *) [body checksum], HASHHEXLEN);
}
*/
li_MD5_Final(HA2, &Md5Ctx);
CvtHex(HA2, HA2Hex);
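Review bot: The commented-out block under `/* qop=auth-int not supported, already checked above */` still carries the over-read the commit fixes — `li_MD5_Update(&Md5Ctx, (unsigned char *)"", HASHHEXLEN)` reads HASHHEXLEN bytes from a one-byte string literal — so whoever later uncomments it to add auth-int support reinstates the invalid read. I would delete the dead code and leave only a comment stating what a real implementation needs, e.g. `/* qop=auth-int would require hashing the entity body (H(entity-body)) here; such requests are rejected earlier in this function. */`. The early rejection itself looks sound since the guard runs before any digest computation; one hedge is that an unauthenticated client sending qop=auth-int now produces an error-log line per attempt, which may be noisy under repeated probes, so a less severe log level may be preferable if the logging helper offers one. http_auth_digest_check begins in the first hunk but its body continues outside these hunks.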
