From ac419bf562c4196f819edd124be82da96f81ba95 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 27 May 2013 19:45:12 +0200 Subject: Digest auth: escape user names with \ or " in them When sending the HTTP Authorization: header for digest, the user name needs to be escaped if it contains a double-quote or backslash. Test 1229 was added to verify Reported and fixed by: Nach M. S Bug: http://curl.haxx.se/bug/view.cgi?id=1230 --- tests/data/test1229 | 82 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 82 insertions(+) create mode 100644 tests/data/test1229 (limited to 'tests/data/test1229') diff --git a/tests/data/test1229 b/tests/data/test1229 new file mode 100644 index 000000000..dcb55e886 --- /dev/null +++ b/tests/data/test1229 @@ -0,0 +1,82 @@ + + + +HTTP +HTTP GET +HTTP Digest auth + + +# Server-side + + +HTTP/1.1 401 Authorization Required swsclose +Server: Apache/1.3.27 (Darwin) PHP/4.1.2 +WWW-Authenticate: Digest realm="testrealm", nonce="1053604145" +Content-Type: text/html; charset=iso-8859-1 +Content-Length: 26 + +This is not the real page + + +# This is supposed to be returned when the server gets a +# Authorization: Digest line passed-in from the client + +HTTP/1.1 200 OK swsclose +Server: Apache/1.3.27 (Darwin) PHP/4.1.2 +Content-Type: text/html; charset=iso-8859-1 +Content-Length: 23 + +This IS the real page! + + + +HTTP/1.1 401 Authorization Required swsclose +Server: Apache/1.3.27 (Darwin) PHP/4.1.2 +WWW-Authenticate: Digest realm="testrealm", nonce="1053604145" +Content-Type: text/html; charset=iso-8859-1 +Content-Length: 26 + +HTTP/1.1 200 OK swsclose +Server: Apache/1.3.27 (Darwin) PHP/4.1.2 +Content-Type: text/html; charset=iso-8859-1 +Content-Length: 23 + +This IS the real page! + + + + +# Client-side + + +http + + +crypto + + +HTTP with Digest authorization with user name needing escape + + +http://%5cuser%22:password@%HOSTIP:%HTTPPORT/1229 --digest + + + +# Verify data after the test has been "shot" + + +^User-Agent:.* + + +GET /1229 HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +Accept: */* + +GET /1229 HTTP/1.1 +Authorization: Digest username="\\user\"", realm="testrealm", nonce="1053604145", uri="/1229", response="f2694d426040712584c156d3de72b8d6" +Host: %HOSTIP:%HTTPPORT +Accept: */* + + + + -- cgit v1.2.3