From: Amos Jeffries Date: Wed, 10 Mar 2010 11:07:17 +0000 (+1300) Subject: Author: Henrik Nordstrom X-Git-Tag: SQUID_3_0_STABLE25~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=261e29237b2632e92336ac614729e7068202a9a1;p=thirdparty%2Fsquid.git Author: Henrik Nordstrom Various other Digest parser fixes * Correct debug message when failing to parse digest attributes * Correct digest stale=false in POST workaround code * Fix new digest parser shutdown code when digest auth not configured * Sanity check of the username. " cannot be allowed in usernames until the digest helper protocol has been redone
---
diff --git a/src/auth/digest/auth_digest.cc b/src/auth/digest/auth_digest.cc
index 107f198e57..784cc5ef82 100644
--- a/src/auth/digest/auth_digest.cc
+++ b/src/auth/digest/auth_digest.cc
@@ -534,8 +534,10 @@ digestScheme::done()
 if (digestauthenticators) helperShutdown(digestauthenticators);
- httpHeaderDestroyFieldsInfo(DigestFieldsInfo, DIGEST_ENUM_END);
- DigestFieldsInfo = NULL;
+ if (DigestFieldsInfo) {
+ httpHeaderDestroyFieldsInfo(DigestFieldsInfo, DIGEST_ENUM_END);
+ DigestFieldsInfo = NULL;
+ }
 authdigest_initialised = 0;
@@ -672,6 +674,7 @@ AuthDigestUserRequest::authenticate(HttpRequest * request, ConnStateData::Pointe
 if (strcasecmp(digest_request->response, Response)) {
 credentials(Failed);
+ digest_request->flags.invalid_password = 1;
 digest_request->setDenyMessage("Incorrect password");
 return;
 } else {
@@ -1135,7 +1138,7 @@ AuthDigestConfig::decode(char const *proxy_auth)
 nlen = ilen;
 if (!value.buf()) {
- debugs(29, 9, "authDigestDecodeAuth: Failed to parse attribute '" << temp << "' in '" << proxy_auth << "'");
+ debugs(29, 9, "authDigestDecodeAuth: Failed to parse attribute '" << item << "' in '" << temp << "'");
 continue;
 }
@@ -1201,7 +1204,7 @@ AuthDigestConfig::decode(char const *proxy_auth)
 default: debugs(29, 3, "authDigestDecodeAuth: Unknown attribute '" << item << "' in '" << temp << "'");
-
+ break;
 }
 }
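Review bot: In the `@@ -672,6 +674,7 @@` hunk the added `digest_request->flags.invalid_password = 1;` has no comment, and nothing visible here shows where the flag is read or cleared. The commit message ties it to the stale=false POST workaround, so a one-line comment such as `/* password mismatch: consulted by the stale=false POST workaround */` above the assignment would record that; the wording should be checked against the consumer. The body of `AuthDigestUserRequest::authenticate` starts and ends outside the hunk.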
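Review bot: In the `@@ -1135,7 +1138,7 @@` hunk the corrected message streams `item` and `temp` into `debugs()` unescaped, and both appear to be pieces of the client-supplied `proxy_auth` header. Control characters or very long values would land verbatim in the debug log whenever section 29 is logged at level 9; the same holds for the level-3 "Unknown attribute" message in the `@@ -1201,7 +1204,7 @@` hunk and the level-2 "Unacceptable username" message in the last hunk. A comment such as `/* item and temp are untrusted header text; the log reader must not trust them */` documents this, and bounding or escaping the values before logging would be the stronger fix. `AuthDigestConfig::decode` starts and ends outside these hunks.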
@@ -1227,6 +1230,15 @@ AuthDigestConfig::decode(char const *proxy_auth) return authDigestLogUsername(username, digest_request); } + /* Sanity check of the username. + * " can not be allowed in usernames until * the digest helper protocol + * have been redone + */ + if (strchr(username, '"')) { + debugs(29, 2, "authenticateDigestDecode: Unacceptable username '" << username << "'"); + return authDigestLogUsername(username, digest_request); + } + /* do we have a realm ? */ if (!digest_request->realm || digest_request->realm[0] == '\0') { debugs(29, 2, "authenticateDigestDecode: Empty or not present realm");
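Review bot: The added check rejects only `"`, yet the username taken from the client's Digest header is still passed on otherwise unfiltered; if the helper protocol is line-based (it is not visible in this hunk), CR, LF and other control characters need the same treatment, e.g. `if (strpbrk(username, "\"\r\n")) {`. `strchr(username, '"')` also assumes `username` is non-null, which presumably is guaranteed by the block that ends just above the added lines. The comment has a stray `*` in `until * the digest helper protocol` and should read `has been redone`. `AuthDigestConfig::decode` starts and ends outside the hunk.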