From: Evgeny Grin (Karlson2k)
Date: Thu, 30 Jun 2022 15:30:21 +0000 (+0300)
Subject: digest: reject broken header with session protocol but without qop
X-Git-Tag: curl-7_85_0~102
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3fe24ea322d432c47891cf27b50de1f063f5a2a1;p=thirdparty%2Fcurl.git
digest: reject broken header with session protocol but without qop
Closes #9077
---
diff --git a/lib/vauth/digest.c b/lib/vauth/digest.c
index 9eac840982..afe83af1ad 100644
--- a/lib/vauth/digest.c
+++ b/lib/vauth/digest.c
@@ -637,6 +637,10 @@ CURLcode Curl_auth_decode_digest_http_message(const char *chlg,
 if(!digest->nonce)
 return CURLE_BAD_CONTENT_ENCODING;
+ /* "-sess" protocol versions require "auth" or "auth-int" qop */
+ if(!digest->qop && (digest->algo & SESSION_ALGO))
+ return CURLE_BAD_CONTENT_ENCODING;
+
 return CURLE_OK;
 }
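Review bot: The added early return at `if(!digest->qop && (digest->algo & SESSION_ALGO))` reports the header as broken but leaves `digest` populated: the check just above guarantees `digest->nonce` is set at this point, and `algo` holds a session algorithm. Whether callers discard or reuse the struct after an error is not visible in this hunk; if a later request on the same handle can pick it up, clearing it first (for example `Curl_auth_digest_cleanup(digest);` before the `return`, with braces added) would keep a rejected challenge from being answered. The comment could also state the reason, e.g. `/* "-sess" algorithms fold the client nonce into A1, and cnonce is only sent when qop is used */`. The function body starts outside the hunk, so the parsing that fills these fields is not shown.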