cURL
Haxx ad
libcurl
Mailing Lists

curl's project page on SourceForge.net

Sponsors:
Haxx

cURL > Mailing List > Monthly Index > Single Mail

curl-tracker mailing list Archives

[ curl-Bugs-2126435 ] wrong HTTP digest authentication with empty realm

From: SourceForge.net <noreply_at_sourceforge.net>
Date: Thu, 25 Sep 2008 22:36:41 +0000

Bugs item #2126435, was opened at 2008-09-24 15:42
Message generated for change (Comment added) made by bagder
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=2126435&group_id=976

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: libcurl
Group: wrong behaviour
>Status: Closed
Resolution: Fixed
Priority: 5
Private: No
Submitted By: ema (pocoyo)
Assigned to: Daniel Stenberg (bagder)
Summary: wrong HTTP digest authentication with empty realm

Initial Comment:
if libcurl receives an empty realm field, libcurl computes a wrong md5 string. This happens because if the realm is an empty string the following line (line 101, file lib/http_digest.c):

      if((2 == sscanf(header, "%255[^=]=\"%1023[^\"]\"",
                      value, content)) ||

sets the content to """" instead of "".

This leads to a wrong md5 computation and curl is not able to send the correct authentication.

After the sscanf command I propose the following patch:

 if (!strcmp(content, "\"\""))
     strcpy(content, "");

bye

Emanuele

----------------------------------------------------------------------

>Comment By: Daniel Stenberg (bagder)
Date: 2008-09-26 00:36

Message:
Credit attributed in the changelog, thanks! Case closed!

----------------------------------------------------------------------

Comment By: ema (pocoyo)
Date: 2008-09-25 23:45

Message:
my full name is Emanuele Bovisio.
Thanks for your attention and quick reply.

Emanuele

----------------------------------------------------------------------

Comment By: Daniel Stenberg (bagder)
Date: 2008-09-25 16:10

Message:
Thanks, this has now been committed!

If you tell me your full real name, I'll give you proper credit in the
changelog!

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=2126435&group_id=976
Received on 2008-09-26

These mail archives are generated by hypermail.

donate! Page updated November 12, 2010.
web site info

File upload with ASP.NET