Diffstat (limited to 'daemon/digest.c')
-rw-r--r-- | daemon/digest.c | 44 |
1 files changed, 25 insertions, 19 deletions
diff --git a/daemon/digest.c b/daemon/digest.c
index d1cfe20..0bd6398 100644
--- a/daemon/digest.c
+++ b/daemon/digest.c
@@ -138,7 +138,7 @@ int digest_parse(char* header, ha_buffer_t* buf, digest_header_t* rec,
 header = ha_bufcpy(buf, header);
 if(!header)
- return HA_ERROR;
+ return HA_CRITERROR;
 memset(rec, 0, sizeof(*rec));
@@ -253,7 +253,7 @@ int digest_parse(char* header, ha_buffer_t* buf, digest_header_t* rec,
 }
 int digest_check(const char* realm, const char* method, const char* uri,
- ha_buffer_t* buf, digest_header_t* dg, digest_record_t* rec)
+ ha_buffer_t* buf, digest_header_t* dg, digest_record_t* rec)
 {
 unsigned char hash[MD5_LEN];
 md5_ctx_t md5;
@@ -268,7 +268,7 @@ int digest_check(const char* realm, const char* method, const char* uri,
 if(!dg->digest || !dg->digest[0])
 {
 ha_messagex(LOG_WARNING, "digest response missing digest");
- return HA_FALSE;
+ return HA_BADREQ;
 }
 /* Username */
@@ -276,7 +276,7 @@ int digest_check(const char* realm, const char* method, const char* uri,
 md5_strcmp(rec->userhash, dg->username) != 0)
 {
 ha_messagex(LOG_WARNING, "digest response missing username");
- return HA_FALSE;
+ return HA_BADREQ;
 }
 /* The realm */
@@ -284,7 +284,7 @@ int digest_check(const char* realm, const char* method, const char* uri,
 {
 ha_messagex(LOG_WARNING, "digest response contains invalid realm: '%s'", dg->realm ? dg->realm : "");
- return HA_FALSE;
+ return HA_BADREQ;
 }
 /* Components in the new RFC */
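Review bot: digest_check has no comment stating its return contract, and from the `!dg->digest` check in the hunk at old line 268 onward this commit widens that contract: malformed or inconsistent fields now return `HA_BADREQ` and buffer failures return `HA_CRITERROR` (the hunks at 276, 284, 298, 325, 335, 350, 386, 398 and 435 follow the same pattern). The context of the signature hunk shows only a closing brace and a blank line above `int digest_check(`, so I would add a header comment there, for example `/* Returns HA_BADREQ when the client's digest header is malformed or inconsistent, HA_CRITERROR when buf fails. */`. The function body continues outside every hunk shown, so the wording for the match and mismatch outcomes has to be checked against the full file.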
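Review bot: In the username hunk the visible condition ends with `md5_strcmp(rec->userhash, dg->username) != 0`, yet the only message logged is "digest response missing username", so a username that does not match the stored record cannot be told apart in the log from an absent field. Both cases now return `HA_BADREQ`, which leaves the log as the only place to distinguish them during an investigation. I would split the test and log the mismatch on its own, e.g. `ha_messagex(LOG_WARNING, "digest response username does not match record");`. The start of the condition is above the hunk, so this assumes its first operands test for a missing username.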
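Review bot: The realm message passes `dg->realm`, a value taken from the client's header, to `ha_messagex` through `%s`, and the qop, nc, algorithm and uri messages in the later hunks do the same with their fields. ha_messagex is not visible here; if it does not escape control characters, these warnings can carry line breaks or forged entries into the log. I would record the expectation at the call, `/* dg->realm is client-supplied; ha_messagex must escape control characters */`, or sanitise the value before it is logged. The enclosing condition begins above the hunk.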
@@ -298,21 +298,21 @@ int digest_check(const char* realm, const char* method, const char* uri,
 {
 ha_messagex(LOG_WARNING, "digest response contains unknown or unsupported qop: '%s'", dg->qop ? dg->qop : "");
- return HA_FALSE;
+ return HA_BADREQ;
 }
 /* The cnonce */
 if(!dg->cnonce || !dg->cnonce[0])
 {
 ha_messagex(LOG_WARNING, "digest response is missing cnonce value");
- return HA_FALSE;
+ return HA_BADREQ;
 }
 /* The nonce count */
 if(!dg->nc || !dg->nc[0])
 {
 ha_messagex(LOG_WARNING, "digest response is missing nc value");
- return HA_FALSE;
+ return HA_BADREQ;
 }
 /* Validate the nc */
@@ -325,7 +325,7 @@ int digest_check(const char* realm, const char* method, const char* uri,
 {
 ha_messagex(LOG_WARNING, "digest response has invalid nc value: %s", dg->nc);
- return HA_FALSE;
+ return HA_BADREQ;
 }
 }
 }
@@ -335,14 +335,14 @@ int digest_check(const char* realm, const char* method, const char* uri,
 {
 ha_messagex(LOG_WARNING, "digest response contains unknown or unsupported algorithm: '%s'", dg->algorithm ? dg->algorithm : "");
- return HA_FALSE;
+ return HA_BADREQ;
 }
 /* Request URI */
 if(!dg->uri)
 {
 ha_messagex(LOG_WARNING, "digest response is missing uri");
- return HA_FALSE;
+ return HA_BADREQ;
 }
 if(strcmp(dg->uri, uri) != 0)
@@ -350,23 +350,29 @@ int digest_check(const char* realm, const char* method, const char* uri,
 ha_uri_t d_uri;
 ha_uri_t s_uri;
- if(ha_uriparse(buf, dg->uri, &d_uri) == HA_ERROR)
+ if(ha_uriparse(buf, dg->uri, &d_uri) < 0)
 {
+ if(ha_buferr(buf))
+ return HA_CRITERROR;
+
 ha_messagex(LOG_WARNING, "digest response constains invalid uri: %s", dg->uri);
- return HA_FALSE;
+ return HA_BADREQ;
 }
- if(ha_uriparse(buf, uri, &s_uri) == HA_ERROR)
+ if(ha_uriparse(buf, uri, &s_uri) < 0)
 {
+ if(ha_buferr(buf))
+ return HA_CRITERROR;
+
 ha_messagex(LOG_ERR, "server sent us an invalid uri");
- return HA_ERROR;
+ return HA_BADREQ;
 }
 if(ha_uricmp(&d_uri, &s_uri) != 0)
 {
 ha_messagex(LOG_WARNING, "digest response contains wrong uri: %s " "(should be %s)", dg->uri, uri);
- return HA_ERROR;
+ return HA_BADREQ;
 }
 }
@@ -386,7 +392,7 @@ int digest_check(const char* realm, const char* method, const char* uri,
 t = ha_bufenchex(buf, rec->ha1, MD5_LEN);
 if(t == NULL)
- return HA_ERROR;
+ return HA_CRITERROR;
 /* Encode ha2 */
 md5_init(&md5);
@@ -398,7 +404,7 @@ int digest_check(const char* realm, const char* method, const char* uri,
 ha_bufenchex(buf, hash, MD5_LEN);
 if(!ha_bufdata(buf))
- return HA_ERROR;
+ return HA_CRITERROR;
 /* Old style digest (RFC 2069) */
@@ -435,7 +441,7 @@ int digest_check(const char* realm, const char* method, const char* uri,
 digest = ha_bufenchex(buf, hash, MD5_LEN);
 if(digest == NULL)
- return HA_ERROR;
+ return HA_CRITERROR;
 if(strcasecmp(dg->digest, digest) != 0)
 { |
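Review bot: The second `ha_uriparse` failure concerns `uri`, the value passed in by the caller, and is logged at LOG_ERR as "server sent us an invalid uri", but it now returns `HA_BADREQ`, the same code used for every client-side defect in this function. If callers map `HA_BADREQ` to a client error (not visible here), a fault on the server side would be reported against the client; a comment such as `/* uri comes from the calling server, not the client's header */` at that return would at least record that the choice is deliberate. The new `< 0` tests also rely on every ha_uriparse failure code being negative, which the hunk does not show. Separately, the context line "digest response constains invalid uri" has a typo that makes the message harder to search for in logs.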
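Review bot: The context line `if(strcasecmp(dg->digest, digest) != 0)` right after the changed return compares the client's response with the expected digest using a function that stops at the first differing character, so its running time depends on how much of the value matched. For an authentication check I would compare the two hex strings without an early exit, as sketched below; `dg->digest` is already known to be non-empty from the check at the top of the function. Whether the difference is measurable depends on nonce handling that is outside the hunk, and the body of the `if` is not shown either.

```c
/* … unchanged: digest = ha_bufenchex(buf, hash, MD5_LEN) and its NULL check … */

/* locals to declare with the function's others: size_t i, want, got; unsigned char diff; */
want = strlen(digest);
got = strlen(dg->digest);
diff = (got != want);

/* Visit every character so timing does not depend on where the strings differ */
for(i = 0; i < want && i < got; i++)
    diff |= (unsigned char)(tolower((unsigned char)dg->digest[i]) ^
                            tolower((unsigned char)digest[i]));

if(diff != 0)
{
```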