Diffstat (limited to 'daemon/digest.c')
-rw-r--r-- | daemon/digest.c | 45 |
1 files changed, 41 insertions, 4 deletions
diff --git a/daemon/digest.c b/daemon/digest.c
index ecde6b7..21cb453 100644
--- a/daemon/digest.c
+++ b/daemon/digest.c
@@ -27,6 +27,7 @@
 #include "digest.h"
 #include "stringx.h"
+#include <ctype.h>
 #include <syslog.h>
 /* A globally unique counter used to guarantee uniqueness of nonces */
@@ -333,8 +334,9 @@ int digest_pre_check(digest_context_t* dg, const ha_context_t* opts, ha_buffer_t
 if(*e || nc != dg->server_nc) {
- ha_messagex(NULL, LOG_WARNING, "digest response has wrong nc value. "
- "possible replay attack: %s", dg->client.nc);
+ ha_messagex(NULL, LOG_WARNING, "digest response has wrong nc value: %s "
+ "possible replay attack, should be: %d",
+ dg->client.nc, dg->server_nc);
 return HA_FALSE;
 }
 }
@@ -415,7 +417,7 @@ static int internal_check(digest_context_t* dg, const char* http_method, ha_buff
 */
 /* Encode ha1 */
- t = ha_bufenchex(buf, dg->ha1, MD5_LEN);
+ t = ha_bufenchex(buf, dg->server_ha1, MD5_LEN);
 if(t == NULL) return HA_CRITERROR;
@@ -541,7 +543,7 @@ const char* digest_respond(digest_context_t* dg, ha_buffer_t* buf,
 /* Otherwise we do the whole song and dance */
 /* Encode ha1 */
- t = ha_bufenchex(buf, dg->ha1, MD5_LEN);
+ t = ha_bufenchex(buf, dg->server_ha1, MD5_LEN);
 if(t == NULL) return NULL;
@@ -614,3 +616,38 @@ void digest_makeha1(unsigned char* digest, const char* user,
 md5_update(&md5, password, strlen(password));
 md5_final(digest, &md5);
 }
+
+#define MUST_ESCAPE "\"\' \t\n\r\v\\"
+
+void
+digest_escape (ha_buffer_t *buf, const char *orig)
+{
+ const char* t;
+ size_t pos;
+
+ assert (orig);
+ assert (buf);
+
+ ha_bufcpy(buf, "");
+
+ t = orig;
+ while (*t) {
+ pos = strcspn (t, MUST_ESCAPE);
+
+ if(pos > 0) {
+ ha_bufjoin (buf);
+ ha_bufncpy (buf, t, pos);
+ t += pos;
+ }
+
+ while (*t && !strchr (MUST_ESCAPE, *t)) {
+ char esc[3];
+ esc[0] = '\\';
+ esc[1] = *t;
+ esc[2] = '\0';
+ ha_bufjoin (buf);
+ ha_bufcpy (buf, esc);
+ t++;
+ }
+ }
+} |
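Review bot: The inner loop of the new `digest_escape` tests `!strchr (MUST_ESCAPE, *t)`, which is the inverse of what the escaping pass needs: once `strcspn` stops, `*t` is a member of `MUST_ESCAPE`, so the loop body never runs, `t` never advances, and the outer `while (*t)` spins forever on any input that contains a quote, backslash or whitespace character. The condition should read `while (*t && strchr (MUST_ESCAPE, *t)) {`. If `orig` can carry client-supplied text (callers are not visible here), that hang is reachable by a remote peer, and CR/LF would be safer rejected than emitted as a backslash pair inside a header value. The `assert` argument checks vanish under `NDEBUG`, and the function depends on `<assert.h>` and `<string.h>` while the commit adds only `<ctype.h>`; whether those headers are already included lies outside the hunks.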