Commit a8896fa8 authored by deuce's avatar deuce

Use URI from request line if not specified in the authentication header.

Validate cnonce and nc values for qop and ensure they are not present
for unspecified qops.
parent ae3993f3
...@@ -1531,6 +1531,20 @@ static BOOL check_ars(http_session_t * session) ...@@ -1531,6 +1531,20 @@ static BOOL check_ars(http_session_t * session)
return(FALSE); return(FALSE);
if(session->req.auth.algorithm==ALGORITHM_UNKNOWN) if(session->req.auth.algorithm==ALGORITHM_UNKNOWN)
return(FALSE); return(FALSE);
/* Validate rules from RFC-2617 */
if(session->req.auth.qop_value==QOP_AUTH
|| session->req.auth.qop_value==QOP_AUTH_INT) {
if(session->req.auth.cnonce==NULL)
return(FALSE);
if(session->req.auth.nonce_count==NULL)
return(FALSE);
}
else {
if(session->req.auth.cnonce!=NULL)
return(FALSE);
if(session->req.auth.nonce_count!=NULL)
return(FALSE);
}
/* H(A1) */ /* H(A1) */
MD5_open(&ctx); MD5_open(&ctx);
...@@ -2234,6 +2248,8 @@ static BOOL parse_headers(http_session_t * session) ...@@ -2234,6 +2248,8 @@ static BOOL parse_headers(http_session_t * session)
while(*p && !isspace(*p)) while(*p && !isspace(*p))
p++; p++;
} }
if(session->req.auth.digest_uri==NULL)
session->req.auth.digest_uri=strdup(session->req.request_line);
} }
} }
break; break;
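Review bot: In check_ars the new RFC 2617 block only tests whether cnonce and nonce_count are present, so a qop=auth request with any nc string passes; the value is not checked to be the eight hex digits the RFC specifies, and nothing visible here compares it with the last count seen for that nonce, which is what lets a server reject a replayed Authorization header. If no later code does this, a format check such as `if(strlen(session->req.auth.nonce_count)!=8 || strspn(session->req.auth.nonce_count,"0123456789abcdefABCDEF")!=8) return(FALSE);` belongs next to the NULL test, with a comment saying where replay tracking happens, e.g. `/* nc format only; replay detection is done in <function> */`. The else branch also treats every other qop_value the same as an absent qop, which should be confirmed as intended for an unrecognised token. check_ars begins and ends outside the hunk, so later handling may exist that is not shown.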