* to prevent squid knowing the users password (idea suggested in RFC 2617).
*/
-
/*
- * $Id: rfc2617.c,v 1.13 2007/12/30 01:54:02 hno Exp $
- *
* DEBUG:
* AUTHOR: RFC 2617 & Robert Collins
*
*
*/
-#include "config.h"
+#include "squid.h"
#include <string.h>
-#include "rfc2617.h"
#include "md5.h"
+#include "rfc2617.h"
void
CvtHex(const HASH Bin, HASHHEX Hex)
else
Bin[i / 2] |= n;
}
+ /* FIXME: Coverity detects the below as dead code.
+ Why? :: right here i == 32
+ which means the first step of the for loop makes i==16
+ and cannot be < HASHLEN (which is also 16)
+ */
for (i = i / 2; i < HASHLEN; i++) {
Bin[i] = '\0';
}
}
-
/* calculate H(A1) as per spec */
void
DigestCalcHA1(
SquidMD5Update(&Md5Ctx, pszMethod, strlen(pszMethod));
SquidMD5Update(&Md5Ctx, ":", 1);
SquidMD5Update(&Md5Ctx, pszDigestUri, strlen(pszDigestUri));
- if (strcasecmp(pszQop, "auth-int") == 0) {
+ if (pszQop && strcasecmp(pszQop, "auth-int") == 0) {
SquidMD5Update(&Md5Ctx, ":", 1);
SquidMD5Update(&Md5Ctx, HEntity, HASHHEXLEN);
}
SquidMD5Update(&Md5Ctx, ":", 1);
SquidMD5Update(&Md5Ctx, pszNonce, strlen(pszNonce));
SquidMD5Update(&Md5Ctx, ":", 1);
- if (*pszQop) {
+ if (pszQop) {
SquidMD5Update(&Md5Ctx, pszNonceCount, strlen(pszNonceCount));
SquidMD5Update(&Md5Ctx, ":", 1);
SquidMD5Update(&Md5Ctx, pszCNonce, strlen(pszCNonce));