- Fixed the HTTP Digest auth code to not behave badly when getting a blank realm

  with realm="". http://curl.haxx.se/bug/view.cgi?id=2126435

diff --git a/CHANGES b/CHANGES
index 82ac6a1a67d0c21f7fcb67eb60915f6d1be01e32..f53007fe2f9af39e04fa901fceffea63ea851a52 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,10 @@
 
                                   Changelog
 
+Daniel Stenberg (25 Sep 2008)
+- Fixed the HTTP Digest auth code to not behave badly when getting a blank realm
+  with realm="". http://curl.haxx.se/bug/view.cgi?id=2126435
+
 Daniel Fandrich (23 Sep 2008)
 - Make sure not to dereference the wrong UrlState proto union member when
   switching from one protocol to another in a single request (e.g.

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index a90bd2e32078b82175e5aa9dea537216b94b9a4d..5beced6fd0be2902b7fb6554544acc1eee33fd1f 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -27,6 +27,7 @@ This release includes the following bugfixes:
  o SFTP over SOCKS crash fixed
  o thread-safety issues addressed for NSS-powered libcurls
  o removed the use of mktime() and gmtime(_r)() in date parsing and conversions
+ o HTTP Digest with a blank realm did wrong
 
 This release includes the following known bugs:
 

diff --git a/lib/http_digest.c b/lib/http_digest.c
index 81e8612a7eb54554f0ac2d4338e5d93b8300583f..0d92652a069d57983ed06705a6526f4ddaabf645 100644 (file)
--- a/lib/http_digest.c
+++ b/lib/http_digest.c
@@ -104,6 +104,12 @@ CURLdigest Curl_input_digest(struct connectdata *conn,
             include the possibly trailing comma, newline or carriage return */
          (2 ==  sscanf(header, "%255[^=]=%1023[^\r\n,]",
                        value, content)) ) {
+        if(!strcmp("\"\"", content)) {
+          /* for the name="" case where we get only the "" in the content variable,
+           * simply clear the content then
+           */
+          content[0]=0;
+        }
         if(strequal(value, "nonce")) {
           d->nonce = strdup(content);
           if(!d->nonce)