Diffstat (limited to 'daemon')
| -rw-r--r-- | daemon/bd.c | 2 | ||||
| -rw-r--r-- | daemon/digest.c | 9 | ||||
| -rw-r--r-- | daemon/digest.h | 4 | 
3 files changed, 9 insertions, 6 deletions
| diff --git a/daemon/bd.c b/daemon/bd.c
index eb0bec0..277a3f7 100644
--- a/daemon/bd.c
+++ b/daemon/bd.c
@@ -423,7 +423,7 @@ static int do_digest_response(ha_request_t* rq, bd_context_t* ctx, const char* h
 	cached = (prepare_digest_from_cached (ctx, &dg, rq, nonce) == HA_OK);
 	/* Check the majority of the fields */
-	ret = digest_pre_check (&dg, rq->context, rq->buf);
+	ret = digest_pre_check (&dg, rq->context, rq->buf, &stale);
 	if (ret != HA_OK) {
 		if (ret == HA_BADREQ) {
 			ret = HA_FALSE;
diff --git a/daemon/digest.c b/daemon/digest.c
index 21cb453..93f433b 100644
--- a/daemon/digest.c
+++ b/daemon/digest.c
@@ -242,20 +242,22 @@ int digest_parse(const char* head, ha_buffer_t* buf, digest_header_t* rec)
     return HA_OK;
 }
-int digest_check(digest_context_t* dg, const ha_context_t* opts, ha_buffer_t* buf)
+int digest_check(digest_context_t* dg, const ha_context_t* opts, ha_buffer_t* buf, int *stale)
 {
     int r;
-    r = digest_pre_check(dg, opts, buf);
+    r = digest_pre_check(dg, opts, buf, stale);
     if(r == HA_OK)
         r = digest_complete_check(dg, opts, buf);
     return r;
 }
-int digest_pre_check(digest_context_t* dg, const ha_context_t* opts, ha_buffer_t* buf)
+int digest_pre_check(digest_context_t* dg, const ha_context_t* opts,
+                     ha_buffer_t* buf, int *stale)
 {
     ASSERT(buf && buf && dg);
+    ASSERT(stale);
     /* Check for digest */
     if(!dg->client.digest || !dg->client.digest[0])
@@ -337,6 +339,7 @@ int digest_pre_check(digest_context_t* dg, const ha_context_t* opts, ha_buffer_t
                     ha_messagex(NULL, LOG_WARNING, "digest response has wrong nc value: %s "
                                                   "possible replay attack, should be: %d",
                                                   dg->client.nc, dg->server_nc);
+                    *stale = 1;
                     return HA_FALSE;
                 }
             }
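Review bot: `stale` is passed by address in the new `digest_pre_check (&dg, rq->context, rq->buf, &stale);` call, but nothing in this hunk shows it being set to 0 first, and the digest.c hunks only ever write `*stale = 1` on the nc-mismatch path. If the declaration outside this hunk is not initialised, every other return path leaves the value indeterminate, and whatever the caller does with it afterwards (presumably building the next challenge) would act on garbage. Either declare it as `int stale = 0;` in do_digest_response or add `*stale = 0;` right after `ASSERT(stale);` in digest_pre_check. do_digest_response starts and ends outside the hunk, so the declaration could not be checked.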
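Review bot: The only guard on the new out-parameter is `ASSERT(stale);`, and the line above it, `ASSERT(buf && buf && dg);`, tests `buf` twice and never tests `opts`. If ASSERT compiles away in non-debug builds (its definition is not visible here), a NULL `stale` from any digest_check caller would reach the `*stale = 1;` store in the next hunk unchecked. Suggest `ASSERT(buf && opts && dg);`, and if a NULL `stale` is meant to be tolerated, `if(stale) *stale = 1;` at the store. digest_pre_check's body continues past the end of this hunk.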
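Review bot: `*stale = 1;` is raised inside digest_pre_check, which per digest_check in the previous hunk runs before digest_complete_check, so the flag is set without the response hash having been verified at this point. RFC 2617 section 3.2.1 says a server should send stale=TRUE only when the nonce is invalid but the digest for that nonce is valid, because it tells the client to retry without re-prompting for credentials. How the caller maps this flag onto the challenge is outside the diff; if it is passed through directly, consider a comment at the store such as `/* advisory only: response hash not yet verified, caller must confirm before sending stale=true */`. The enclosing nc-check block starts outside the hunk.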
diff --git a/daemon/digest.h b/daemon/digest.h
index 7a0f59c..fb9bfd7 100644
--- a/daemon/digest.h
+++ b/daemon/digest.h
@@ -73,8 +73,8 @@ const char* digest_challenge(ha_buffer_t* buf, const char* nonce_str,
  * Validate digest headers once they've been parsed. Note that it's up
  * to the caller to validate the 'username' and 'nonce' fields.
  */
-int digest_check(digest_context_t* dg, const ha_context_t* opts, ha_buffer_t* buf);
-int digest_pre_check(digest_context_t* dg, const ha_context_t* opts, ha_buffer_t* buf);
+int digest_check(digest_context_t* dg, const ha_context_t* opts, ha_buffer_t* buf, int *stale);
+int digest_pre_check(digest_context_t* dg, const ha_context_t* opts, ha_buffer_t* buf, int *stale);
 /* This assumes a digest_context that's been prechecked successfully */
 int digest_complete_check(digest_context_t* dg, const ha_context_t* opts, ha_buffer_t* buf); |
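Review bot: The header comment above these two prototypes does not mention the new `stale` out-parameter, so the contract for digest_check and digest_pre_check callers is undocumented. Extend the comment with something like `* 'stale' must be non-NULL; it is set to 1 when the nc value does not match and is never cleared, so initialise it to 0 before the call.` The wording assumes the nc-mismatch store in digest.c is the only write, which is all this diff shows.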
