diff options
-rw-r--r-- | CHANGES | 4 | ||||
-rw-r--r-- | RELEASE-NOTES | 1 | ||||
-rw-r--r-- | lib/http_digest.c | 6 |
3 files changed, 11 insertions, 0 deletions
@@ -6,6 +6,10 @@ Changelog +Daniel Stenberg (25 Sep 2008) +- Fixed the HTTP Digest auth code to not behave badly when getting a blank realm + with realm="". http://curl.haxx.se/bug/view.cgi?id=2126435 + Daniel Fandrich (23 Sep 2008) - Make sure not to dereference the wrong UrlState proto union member when switching from one protocol to another in a single request (e.g. diff --git a/RELEASE-NOTES b/RELEASE-NOTES index a90bd2e32..5beced6fd 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -27,6 +27,7 @@ This release includes the following bugfixes: o SFTP over SOCKS crash fixed o thread-safety issues addressed for NSS-powered libcurls o removed the use of mktime() and gmtime(_r)() in date parsing and conversions + o HTTP Digest with a blank realm did wrong This release includes the following known bugs: diff --git a/lib/http_digest.c b/lib/http_digest.c index 81e8612a7..0d92652a0 100644 --- a/lib/http_digest.c +++ b/lib/http_digest.c @@ -104,6 +104,12 @@ CURLdigest Curl_input_digest(struct connectdata *conn, include the possibly trailing comma, newline or carriage return */ (2 == sscanf(header, "%255[^=]=%1023[^\r\n,]", value, content)) ) { + if(!strcmp("\"\"", content)) { + /* for the name="" case where we get only the "" in the content variable, + * simply clear the content then + */ + content[0]=0; + } if(strequal(value, "nonce")) { d->nonce = strdup(content); if(!d->nonce) |