From: Henrik Nordstrom
Date: Sat, 6 Mar 2010 14:47:46 +0000 (+0100)
Subject: Sanity check of the username.
X-Git-Tag: SQUID_3_2_0_1~381
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=920d1c9dbb63b7e29d58454e29a510874755fc3c;p=thirdparty%2Fsquid.git
Sanity check of the username. " can not be allowed in usernames until the digest helper protocol have been redone
---
diff --git a/src/auth/digest/auth_digest.cc b/src/auth/digest/auth_digest.cc
index ff6fa09d2c..10c335fe7a 100644
--- a/src/auth/digest/auth_digest.cc
+++ b/src/auth/digest/auth_digest.cc
@@ -1236,6 +1236,15 @@ AuthDigestConfig::decode(char const *proxy_auth)
 return authDigestLogUsername(username, digest_request);
 }

+ /* Sanity check of the username.
+ * " can not be allowed in usernames until * the digest helper protocol
+ * have been redone
+ */
+ if (strchr(username, '"')) {
+ debugs(29, 2, "authenticateDigestDecode: Unacceptable username '" << username << "'");
+ return authDigestLogUsername(username, digest_request);
+ }
+
 /* do we have a realm ? */
 if (!digest_request->realm || digest_request->realm[0] == '\0') {
 debugs(29, 2, "authenticateDigestDecode: Empty or not present realm");
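Review bot: The new guard in `AuthDigestConfig::decode` rejects only `"`, but its stated reason (the username is embedded in the digest helper request) applies equally to any other byte that would break that request's framing, such as CR or LF if the helper protocol is line-based. Consider widening it to `if (strpbrk(username, "\"\r\n")) {` unless the header parsing earlier in `decode`, whose body starts and ends outside this hunk, already guarantees those bytes cannot appear. The realm, which the following check tests only for emptiness, presumably travels in the same helper request and would deserve the same test. The added `debugs` line also writes the rejected, client-supplied username verbatim to the log, so it is worth confirming that the log path tolerates arbitrary bytes. The comment has a stray `*` in the middle of its second line and would read better as `" cannot be allowed in usernames until the digest helper protocol has been redone`.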