From 409956536647b3a05ee1e367424a24ae6b8f13fd Mon Sep 17 00:00:00 2001
From: Amos Jeffries <yadij@users.noreply.github.com>
Date: Sat, 8 Jun 2019 21:09:23 +0000
Subject: [PATCH] Fix Digest auth parameter parsing (#415)
Only remove quoting if the domain=, uri= or qop= parameter
value is surrounded by double-quotes.
---
src/auth/digest/Config.cc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
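diff --git a/src/auth/digest/Config.cc b/src/auth/digest/Config.cc
index a8a07cd4db..b547bf83d3 100644
--- a/src/auth/digest/Config.cc
+++ b/src/auth/digest/Config.cc
@@ -787,14 +787,14 @@ Auth::Digest::Config::decode(char const *proxy_auth, const char *aRequestRealm)
 if (keyName == SBuf("domain",6) || keyName == SBuf("uri",3)) {
 // domain is Special. Not a quoted-string, must not be de-quoted. But is wrapped in '"'
 // BUG 3077: uri= can also be sent to us in a mangled (invalid!) form like domain
- if (*p == '"' && *(p + vlen -1) == '"') {
+ if (vlen > 1 && *p == '"' && *(p + vlen -1) == '"') {
 value.limitInit(p+1, vlen-2);
 }
 } else if (keyName == SBuf("qop",3)) {
 // qop is more special.
 // On request this must not be quoted-string de-quoted. But is several values wrapped in '"'
 // On response this is a single un-quoted token.
- if (*p == '"' && *(p + vlen -1) == '"') {
+ if (vlen > 1 && *p == '"' && *(p + vlen -1) == '"') {
 value.limitInit(p+1, vlen-2);
 } else {
 value.limitInit(p, vlen);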
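Review bot: The new `vlen > 1` guard is repeated verbatim in the domain/uri branch and in the qop branch with no comment saying why it is needed, so a later edit could drop it from one of them again. A one-line comment above each check would record the reason, e.g. `// a lone '"' is both first and last char, so vlen-2 would go below zero`, and computing the test once as `const bool quoted = vlen > 1 && *p == '"' && *(p + vlen - 1) == '"';` ahead of the key-name tests (assuming `p` and `vlen` are final by then) would keep the two branches in step. The domain/uri branch has no `else` in the visible lines, so whatever `value` holds when the guard fails is set outside this hunk and is worth checking for the empty and single-character inputs. decode() starts and ends outside the hunk.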