From 3fe24ea322d432c47891cf27b50de1f063f5a2a1 Mon Sep 17 00:00:00 2001
From: "Evgeny Grin (Karlson2k)"
Date: Thu, 30 Jun 2022 18:30:21 +0300
Subject: [PATCH] digest: reject broken header with session protocol but without qop

Closes #9077
---
 lib/vauth/digest.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/vauth/digest.c b/lib/vauth/digest.c
index 9eac840982..afe83af1ad 100644
--- a/lib/vauth/digest.c
+++ b/lib/vauth/digest.c
@@ -637,6 +637,10 @@ CURLcode Curl_auth_decode_digest_http_message(const char *chlg,
 if(!digest->nonce)
 return CURLE_BAD_CONTENT_ENCODING;

+ /* "-sess" protocol versions require "auth" or "auth-int" qop */
+ if(!digest->qop && (digest->algo & SESSION_ALGO))
+ return CURLE_BAD_CONTENT_ENCODING;
+
 return CURLE_OK;
 }

--
2.47.3
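Review bot: The added guard `if(!digest->qop && (digest->algo & SESSION_ALGO))` only tests that qop is non-NULL, while its comment promises that qop is "auth" or "auth-int". The two agree only if the parsing earlier in Curl_auth_decode_digest_http_message, which lies outside this hunk, leaves `digest->qop` unset for every other value; that should be confirmed and stated. The comment would also help the next reader more if it gave the reason, for example `/* "-sess" algorithms hash the client nonce into A1, and cnonce is only exchanged when qop is "auth" or "auth-int" */`. The diffstat lists only lib/vauth/digest.c, so no test accompanies the change. A regression case that feeds a "-sess" challenge without qop and expects CURLE_BAD_CONTENT_ENCODING would keep this rejection from being dropped in a later refactor.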