aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--CHANGES4
-rw-r--r--RELEASE-NOTES1
-rw-r--r--lib/http_digest.c6
3 files changed, 11 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 82ac6a1a6..f53007fe2 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,10 @@
Changelog
+Daniel Stenberg (25 Sep 2008)
+- Fixed the HTTP Digest auth code to not behave badly when getting a blank realm
+ with realm="". http://curl.haxx.se/bug/view.cgi?id=2126435
+
Daniel Fandrich (23 Sep 2008)
- Make sure not to dereference the wrong UrlState proto union member when
switching from one protocol to another in a single request (e.g.
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index a90bd2e32..5beced6fd 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -27,6 +27,7 @@ This release includes the following bugfixes:
o SFTP over SOCKS crash fixed
o thread-safety issues addressed for NSS-powered libcurls
o removed the use of mktime() and gmtime(_r)() in date parsing and conversions
+ o HTTP Digest with a blank realm did wrong
This release includes the following known bugs:
diff --git a/lib/http_digest.c b/lib/http_digest.c
index 81e8612a7..0d92652a0 100644
--- a/lib/http_digest.c
+++ b/lib/http_digest.c
@@ -104,6 +104,12 @@ CURLdigest Curl_input_digest(struct connectdata *conn,
include the possibly trailing comma, newline or carriage return */
(2 == sscanf(header, "%255[^=]=%1023[^\r\n,]",
value, content)) ) {
+ if(!strcmp("\"\"", content)) {
+ /* for the name="" case where we get only the "" in the content variable,
+ * simply clear the content then
+ */
+ content[0]=0;
+ }
if(strequal(value, "nonce")) {
d->nonce = strdup(content);
if(!d->nonce)