SourceFormat Enforcement

[thirdparty/squid.git] / lib / rfc2617.c

diff --git a/lib/rfc2617.c b/lib/rfc2617.c
index 9d9259bc3ffd5cccd34d5cc21ca836a082ad3468..c586c2343070f8cb1eac89401e3416265f9e053b 100644 (file)
--- a/lib/rfc2617.c
+++ b/lib/rfc2617.c
@@ -11,10 +11,7 @@
  * to prevent squid knowing the users password (idea suggested in RFC 2617).
  */
 
-
 /*
- * $Id: rfc2617.c,v 1.13 2007/12/30 01:54:02 hno Exp $
- *
  * DEBUG:
  * AUTHOR: RFC 2617 & Robert Collins
  *
@@ -46,10 +43,10 @@
  *
  */
 
-#include "config.h"
+#include "squid.h"
 #include <string.h>
-#include "rfc2617.h"
 #include "md5.h"
+#include "rfc2617.h"
 
 void
 CvtHex(const HASH Bin, HASHHEX Hex)
@@ -94,12 +91,16 @@ CvtBin(const HASHHEX Hex, HASH Bin)
         else
             Bin[i / 2] |= n;
     }
+    /* FIXME: Coverity detects the below as dead code.
+      Why? :: right here i == 32
+        which means the first step of the for loop makes i==16
+        and cannot be < HASHLEN (which is also 16)
+    */
     for (i = i / 2; i < HASHLEN; i++) {
         Bin[i] = '\0';
     }
 }
 
-
 /* calculate H(A1) as per spec */
 void
 DigestCalcHA1(
@@ -163,7 +164,7 @@ DigestCalcResponse(
     SquidMD5Update(&Md5Ctx, pszMethod, strlen(pszMethod));
     SquidMD5Update(&Md5Ctx, ":", 1);
     SquidMD5Update(&Md5Ctx, pszDigestUri, strlen(pszDigestUri));
-    if (strcasecmp(pszQop, "auth-int") == 0) {
+    if (pszQop && strcasecmp(pszQop, "auth-int") == 0) {
         SquidMD5Update(&Md5Ctx, ":", 1);
         SquidMD5Update(&Md5Ctx, HEntity, HASHHEXLEN);
     }
@@ -177,7 +178,7 @@ DigestCalcResponse(
     SquidMD5Update(&Md5Ctx, ":", 1);
     SquidMD5Update(&Md5Ctx, pszNonce, strlen(pszNonce));
     SquidMD5Update(&Md5Ctx, ":", 1);
-    if (*pszQop) {
+    if (pszQop) {
         SquidMD5Update(&Md5Ctx, pszNonceCount, strlen(pszNonceCount));
         SquidMD5Update(&Md5Ctx, ":", 1);
         SquidMD5Update(&Md5Ctx, pszCNonce, strlen(pszCNonce));