if (digestauthenticators)
helperShutdown(digestauthenticators);
- httpHeaderDestroyFieldsInfo(DigestFieldsInfo, DIGEST_ENUM_END);
- DigestFieldsInfo = NULL;
+ if (DigestFieldsInfo) {
+ httpHeaderDestroyFieldsInfo(DigestFieldsInfo, DIGEST_ENUM_END);
+ DigestFieldsInfo = NULL;
+ }
authdigest_initialised = 0;
if (strcasecmp(digest_request->response, Response)) {
credentials(Failed);
+ digest_request->flags.invalid_password = 1;
digest_request->setDenyMessage("Incorrect password");
return;
} else {
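Review bot: `digest_request->flags.invalid_password = 1;` is set with no comment on what later reads it, and nothing in this hunk shows it being cleared, so a request object that is validated again could carry a stale failure mark. A one-line comment would help, for example `/* wrong password, as opposed to other failure causes; consulted when the next challenge is built */`, if that is the intent. The success path should reset the flag if `digest_request` can be re-checked. The `else` branch continues outside the hunk, so that reset may already exist there.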
nlen = ilen;
if (!value.buf()) {
- debugs(29, 9, "authDigestDecodeAuth: Failed to parse attribute '" << temp << "' in '" << proxy_auth << "'");
+ debugs(29, 9, "authDigestDecodeAuth: Failed to parse attribute '" << item << "' in '" << temp << "'");
continue;
}
default:
debugs(29, 3, "authDigestDecodeAuth: Unknown attribute '" << item << "' in '" << temp << "'");
-
+ break;
}
}
return authDigestLogUsername(username, digest_request);
}
+ /* Sanity check of the username.
+ * " can not be allowed in usernames until * the digest helper protocol
+ * have been redone
+ */
+ if (strchr(username, '"')) {
+ debugs(29, 2, "authenticateDigestDecode: Unacceptable username '" << username << "'");
+ return authDigestLogUsername(username, digest_request);
+ }
+
/* do we have a realm ? */
if (!digest_request->realm || digest_request->realm[0] == '\0') {
debugs(29, 2, "authenticateDigestDecode: Empty or not present realm");
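Review bot: The new sanity check rejects only `"` in `username`, yet the comment gives the helper protocol's framing as the reason, and a CR, LF or other control character would presumably break a line-based helper exchange in the same way. If the helper request is built from the raw username, consider `if (strchr(username, '"') || strpbrk(username, "\r\n")) {`. The rejected value is also written to the debug log unescaped, so anyone reading that log line should not rely on its framing. `strchr` needs a non-NULL `username`; the early return at the top of the hunk suggests a prior empty/NULL check, but its condition is outside the hunk. The comment has a stray `*` and a grammar slip; suggested wording: `/* Reject '"' in usernames: the digest helper protocol cannot quote it until that protocol is redone. */`.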