curl-tracker mailing list Archives

[ curl-Bugs-2535504 ] Digest authentication fails if realm contains quotes

From: SourceForge.net <noreply_at_sourceforge.net>
Date: Mon, 26 Jan 2009 13:19:22 +0000

Bugs item #2535504, was opened at 2009-01-25 15:15
Message generated for change (Settings changed) made by bagder
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=2535504&group_id=976

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: http
Group: wrong behaviour
>Status: Closed
>Resolution: Fixed
Priority: 5
Private: No
Submitted By: Alexey Borzov (borz_off)
Assigned to: Daniel Stenberg (bagder)
Summary: Digest authentication fails if realm contains quotes

Initial Comment:
If the "realm" parameter in a digest authentication challenge contains (escaped) quotes, curl fails to parse it and consequently fails to authenticate.

Note that the value for the realm parameter is defined in RFC 2617 as quoted-string, which is in turn defined in RFC 2616 as
quoted-string = ( <"> *(qdtext | quoted-pair ) <"> )
qdtext = <any TEXT except <">>
quoted-pair = "\" CHAR

so such a value for realm is perfectly valid (and allowed by e.g. Apache)

-------------------------------------------------

C:\web\curl-7.19.3>curl --digest -u "foo:bar" -v http://127.0.0.1/digest/
* About to connect() to 127.0.0.1 port 80 (#0)
* Trying 127.0.0.1... connected
* Connected to 127.0.0.1 (127.0.0.1) port 80 (#0)
* Server auth using Digest with user 'foo'
> GET /digest/ HTTP/1.1
> User-Agent: curl/7.19.3 (i586-pc-mingw32msvc) libcurl/7.19.3 zlib/1.2.3
> Host: 127.0.0.1
> Accept: */*
>
< HTTP/1.1 401 Authorization Required
< Date: Sun, 25 Jan 2009 13:53:59 GMT
< Server: Apache/2.0.63 (Win32) PHP/5.2.5
* Authentication problem. Ignoring this.
< WWW-Authenticate: Digest realm="Weird \"realm\" for digest", nonce="+Fs/9E5hBAA=e30cfaf462aa82efc0f13e4f6b0bb615390fa4fd", algorithm=MD5, qop="auth"
< Content-Length: 485
< Content-Type: text/html; charset=iso-8859-1
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Authorization Required</title>
</head><body>
<h1>Authorization Required</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
<hr>
<address>Apache/2.0.63 (Win32) PHP/5.2.5 Server at 127.0.0.1 Port 80</address>
</body></html>
* Connection #0 to host 127.0.0.1 left intact
* Closing connection #0

----------------------------------------------------------------------

Comment By: Daniel Stenberg (bagder)
Date: 2009-01-26 14:19

Message:
Thanks for the report, this problem is now fixed in CVS!

----------------------------------------------------------------------

Received on 2009-01-26
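
An added example, not curl's code and not the fix that went into CVS: a small C reader for challenge parameters that decodes quoted-string values, including quoted-pair escapes, following the grammar quoted in the report. The names read_value and digest_param are hypothetical, and parameter names are matched exactly as a simplification.

```c
#include <stdio.h>
#include <string.h>

/* Read one auth-param value at p: a bare token or an RFC 2616 quoted-string
 * (quoted-pair "\" CHAR yields CHAR). Returns -1 when a quoted-string is
 * unterminated, ends in a lone backslash, or the value does not fit in out. */
static int read_value(const char *p, char *out, size_t outlen, const char **end)
{
  size_t n = 0;
  int quoted = (*p == '"');
  p += quoted;                                 /* step over the opening quote */
  while(*p && (quoted ? *p != '"' : !strchr(", \t", *p))) {
    if((quoted && *p == '\\' && !*++p) || n + 1 >= outlen)
      return -1;
    out[n++] = *p++;
  }
  if(!outlen || (quoted && *p++ != '"'))
    return -1;
  out[n] = '\0';
  *end = p;
  return 0;
}

/* Find parameter `name` (exact match, a simplification). Values are decoded
 * as they are passed, so text inside a quoted value is never taken for a name. */
int digest_param(const char *hdr, const char *name, char *out, size_t outlen)
{
  const char *p = hdr + strcspn(hdr, " \t");   /* skip the scheme token */
  for(;;) {
    const char *key = p += strspn(p, ", \t");
    size_t keylen = strcspn(p, "=, \t");
    p += keylen;
    if(!keylen || *p++ != '=' || read_value(p, out, outlen, &p))
      return -1;                               /* absent or malformed */
    if(keylen == strlen(name) && !memcmp(key, name, keylen))
      return 0;
  }
}

int main(void)
{
  /* Challenge from the report above, with the nonce left out for brevity. */
  const char *h = "Digest realm=\"Weird \\\"realm\\\" for digest\", qop=\"auth\"";
  char realm[64];
  if(digest_param(h, "realm", realm, sizeof(realm)))
    return 1;
  puts(realm);
  return 0;
}
```

A value that does not fit the caller's buffer is rejected rather than truncated, since a shortened realm would produce a digest response the server cannot verify.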
