aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGabriel Sjoberg <gabrielsjoberg@gmail.com>2012-11-09 17:19:46 -0600
committerDaniel Stenberg <daniel@haxx.se>2012-11-12 11:46:27 +0100
commite237402c47444e97b4947d22d91aa50f90a67d74 (patch)
treec1a620d93d022468847185036700e194d8b4c81f
parent1c23d2b39290032f739b1b441aba8bf89a0b834f (diff)
Digst: Add microseconds into nounce calculation
When using only 1 second precision, curl doesn't create new cnonce values quickly enough for all uses. For example, issuing the following command multiple times to a recent Tomcat causes authentication failures: curl --digest -utest:test http://tomcat.test.com:8080/manager/list This is because curl uses the same cnonce for several seconds, but doesn't increment the nonce counter.  Tomcat correctly interprets this as a replay attack and rejects the request. When microsecond-precision is available, this commit causes curl to change cnonce values much more frequently. With microsecond resolution, increasing the nounce length used in the headers to 32 was made to further reduce the risk of duplication.
-rw-r--r--lib/http_digest.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/http_digest.c b/lib/http_digest.c
index 112d88596..17cc95e81 100644
--- a/lib/http_digest.c
+++ b/lib/http_digest.c
@@ -280,7 +280,7 @@ CURLcode Curl_output_digest(struct connectdata *conn,
unsigned char *md5this;
unsigned char *ha1;
unsigned char ha2[33];/* 32 digits and 1 zero byte */
- char cnoncebuf[7];
+ char cnoncebuf[33];
char *cnonce = NULL;
size_t cnonce_sz = 0;
char *tmp = NULL;
@@ -344,7 +344,8 @@ CURLcode Curl_output_digest(struct connectdata *conn,
if(!d->cnonce) {
/* Generate a cnonce */
now = Curl_tvnow();
- snprintf(cnoncebuf, sizeof(cnoncebuf), "%06ld", (long)now.tv_sec);
+ snprintf(cnoncebuf, sizeof(cnoncebuf), "%32ld",
+ (long)now.tv_sec + now.tv_usec);
rc = Curl_base64_encode(data, cnoncebuf, strlen(cnoncebuf),
&cnonce, &cnonce_sz);