← Back to branch summary

~ubuntu-branches/ubuntu/lucid/curl/lucid-201101212007

« back to all changes in this revision

Viewing changes to lib/http_digest.c

  • Committer: Bazaar Package Importer
  • Author(s): Matthias Klose
  • Date: 2008-02-08 11:20:41 UTC
  • mto: (3.1.1 lenny) (1.2.1 upstream)
  • mto: This revision was merged to the branch mainline in revision 26.
  • Revision ID: james.westby@ubuntu.com-20080208112041-hed7sb5r6ghmjf8v
Tags: upstream-7.18.0
ImportĀ upstreamĀ versionĀ 7.18.0

Show diffs side-by-side

added added

removed removed

Lines of Context:
lib/http_digest.c
5
5
 *                            | (__| |_| |  _ <| |___
6
6
 *                             \___|\___/|_| \_\_____|
7
7
 *
8
 
 * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
 
8
 * Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
9
9
 *
10
10
 * This software is licensed as described in the file COPYING, which
11
11
 * you should have received as part of this distribution. The terms
18
18
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19
19
 * KIND, either express or implied.
20
20
 *
21
 
 * $Id: http_digest.c,v 1.31 2007-08-27 06:31:28 danf Exp $
 
21
 * $Id: http_digest.c,v 1.34 2008-01-10 09:17:07 bagder Exp $
22
22
 ***************************************************************************/
23
23
#include "setup.h"
24
24
 
90
90
    Curl_digest_cleanup_one(d);
91
91
 
92
92
    while(more) {
93
 
      char value[32];
94
 
      char content[128];
 
93
      char value[256];
 
94
      char content[1024];
95
95
      size_t totlen=0;
96
96
 
97
97
      while(*header && ISSPACE(*header))
98
98
        header++;
99
99
 
100
100
      /* how big can these strings be? */
101
 
      if((2 == sscanf(header, "%31[^=]=\"%127[^\"]\"",
 
101
      if((2 == sscanf(header, "%255[^=]=\"%1023[^\"]\"",
102
102
                      value, content)) ||
103
103
         /* try the same scan but without quotes around the content but don't
104
104
            include the possibly trailing comma, newline or carriage return */
105
 
         (2 ==  sscanf(header, "%31[^=]=%127[^\r\n,]",
 
105
         (2 ==  sscanf(header, "%255[^=]=%1023[^\r\n,]",
106
106
                       value, content)) ) {
107
107
        if(strequal(value, "nonce")) {
108
108
          d->nonce = strdup(content);
133
133
          if(!tmp)
134
134
            return CURLDIGEST_NOMEM;
135
135
          token = strtok_r(tmp, ",", &tok_buf);
136
 
          while (token != NULL) {
137
 
            if (strequal(token, "auth")) {
 
136
          while(token != NULL) {
 
137
            if(strequal(token, "auth")) {
138
138
              foundAuth = TRUE;
139
139
            }
140
 
            else if (strequal(token, "auth-int")) {
 
140
            else if(strequal(token, "auth-int")) {
141
141
              foundAuthInt = TRUE;
142
142
            }
143
143
            token = strtok_r(NULL, ",", &tok_buf);
144
144
          }
145
145
          free(tmp);
146
146
          /*select only auth o auth-int. Otherwise, ignore*/
147
 
          if (foundAuth) {
 
147
          if(foundAuth) {
148
148
            d->qop = strdup("auth");
149
149
            if(!d->qop)
150
150
              return CURLDIGEST_NOMEM;
151
151
          }
152
 
          else if (foundAuthInt) {
 
152
          else if(foundAuthInt) {
153
153
            d->qop = strdup("auth-int");
154
154
            if(!d->qop)
155
155
              return CURLDIGEST_NOMEM;
180
180
        break; /* we're done here */
181
181
 
182
182
      header += totlen;
 
183
      /* pass all additional spaces here */
 
184
      while(*header && ISSPACE(*header))
 
185
        header++;
183
186
      if(',' == *header)
184
187
        /* allow the list to be comma-separated */
185
188
        header++;
243
246
*/
244
247
#define CURL_OUTPUT_DIGEST_CONV(a, b) \
245
248
  rc = Curl_convert_to_network(a, (char *)b, strlen((const char*)b)); \
246
 
  if (rc != CURLE_OK) { \
 
249
  if(rc != CURLE_OK) { \
247
250
    free(b); \
248
251
    return rc; \
249
252
  }
266
269
    authp = &data->state.authhost;
267
270
  }
268
271
 
269
 
  if (*allocuserpwd) {
 
272
  if(*allocuserpwd) {
270
273
    Curl_safefree(*allocuserpwd);
271
274
    *allocuserpwd = NULL;
272
275
  }
353
356
    return CURLE_OUT_OF_MEMORY;
354
357
  }
355
358
 
356
 
  if (d->qop && strequal(d->qop, "auth-int")) {
 
359
  if(d->qop && strequal(d->qop, "auth-int")) {
357
360
    /* We don't support auth-int at the moment. I can't see a easy way to get
358
361
       entity-body here */
359
362
    /* TODO: Append H(entity-body)*/
363
366
  free(md5this); /* free this again */
364
367
  md5_to_ascii(md5buf, ha2);
365
368
 
366
 
  if (d->qop) {
 
369
  if(d->qop) {
367
370
    md5this = (unsigned char *)aprintf("%s:%s:%08x:%s:%s:%s",
368
371
                                       ha1,
369
372
                                       d->nonce,
393
396
    nonce="1053604145", uri="/64", response="c55f7f30d83d774a3d2dcacf725abaca"
394
397
  */
395
398
 
396
 
  if (d->qop) {
 
399
  if(d->qop) {
397
400
    *allocuserpwd =
398
401
      aprintf( "%sAuthorization: Digest "
399
402
               "username=\"%s\", "