diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/http_digest.c | 40 |
1 files changed, 30 insertions, 10 deletions
diff --git a/lib/http_digest.c b/lib/http_digest.c index 29da90a13..57ffbadfe 100644 --- a/lib/http_digest.c +++ b/lib/http_digest.c @@ -57,6 +57,7 @@ CURLdigest Curl_input_digest(struct connectdata *conn, { bool more = TRUE; struct SessionHandle *data=conn->data; + bool before = FALSE; /* got a nonce before */ /* skip initial whitespaces */ while(*header && isspace((int)*header)) @@ -65,6 +66,10 @@ CURLdigest Curl_input_digest(struct connectdata *conn, if(checkprefix("Digest", header)) { header += strlen("Digest"); + /* If we already have received a nonce, keep that in mind */ + if(data->state.digest.nonce) + before = TRUE; + /* clear off any former leftovers and init to defaults */ Curl_digest_cleanup(data); @@ -82,6 +87,10 @@ CURLdigest Curl_input_digest(struct connectdata *conn, if(strequal(value, "nonce")) { data->state.digest.nonce = strdup(content); } + else if(strequal(value, "stale")) { + if(strequal(content, "true")) + data->state.digest.stale = TRUE; + } else if(strequal(value, "cnonce")) { data->state.digest.cnonce = strdup(content); } @@ -106,7 +115,14 @@ CURLdigest Curl_input_digest(struct connectdata *conn, /* allow the list to be comma-separated */ header++; } + /* We had a nonce since before, and we got another one now without + 'stale=true'. This means we provided bad credentials in the previous + request */ + + if(before && !data->state.digest.stale) + return CURLDIGEST_BAD; + /* We got this header without a nonce, that's a bad Digest line! */ if(!data->state.digest.nonce) return CURLDIGEST_BAD; } @@ -213,19 +229,23 @@ CURLcode Curl_output_digest(struct connectdata *conn, void Curl_digest_cleanup(struct SessionHandle *data) { - if(data->state.digest.nonce) - free(data->state.digest.nonce); - data->state.digest.nonce = NULL; + struct digestdata *d = &data->state.digest; + + if(d->nonce) + free(d->nonce); + d->nonce = NULL; + + if(d->cnonce) + free(d->cnonce); + d->cnonce = NULL; - if(data->state.digest.cnonce) - free(data->state.digest.cnonce); - data->state.digest.cnonce = NULL; + if(d->realm) + free(d->realm); + d->realm = NULL; - if(data->state.digest.realm) - free(data->state.digest.realm); - data->state.digest.realm = NULL; + d->algo = CURLDIGESTALGO_MD5; /* default algorithm */ - data->state.digest.algo = CURLDIGESTALGO_MD5; /* default algorithm */ + d->stale = FALSE; /* default means normal, not stale */ } #endif |