From 6a90c2d1374948e2dd608e955f66081ff686c4cc Mon Sep 17 00:00:00 2001 From: Amos Jeffries Date: Mon, 10 Oct 2011 22:27:57 -0600 Subject: [PATCH] Bug 3077: '\' in url query strings cause Digest authentication to fail --- src/auth/digest/auth_digest.cc | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/src/auth/digest/auth_digest.cc b/src/auth/digest/auth_digest.cc index f96dea9f04..ac05b3fe65 100644 --- a/src/auth/digest/auth_digest.cc +++ b/src/auth/digest/auth_digest.cc @@ -46,6 +46,7 @@ #include "auth/Gadgets.h" #include "auth/State.h" #include "base64.h" +#include "base/StringArea.h" #include "event.h" #include "mgr/Registration.h" #include "Store.h" @@ -814,10 +815,28 @@ Auth::Digest::Config::decode(char const *proxy_auth) vlen = 0; } - /* parse value. auth-param = token "=" ( token | quoted-string ) */ + StringArea keyName(item, nlen-1); String value; + if (vlen > 0) { - if (*p == '"') { + // see RFC 2617 section 3.2.1 and 3.2.2 for details on the BNF + + if (keyName == StringArea("domain",6) || keyName == StringArea("uri",3)) { + // domain is Special. Not a quoted-string, must not be de-quoted. But is wrapped in '"' + // BUG 3077: uri= can also be sent to us in a mangled (invalid!) form like domain + if (*p == '"' && *(p + vlen -1) == '"') { + value.limitInit(p+1, vlen-2); + } + } else if (keyName == StringArea("qop",3)) { + // qop is more special. + // On request this must not be quoted-string de-quoted. But is several values wrapped in '"' + // On response this is a single un-quoted token. + if (*p == '"' && *(p + vlen -1) == '"') { + value.limitInit(p+1, vlen-2); + } else { + value.limitInit(p, vlen); + } + } else if (*p == '"') { if (!httpHeaderParseQuotedString(p, vlen, &value)) { debugs(29, 9, "authDigestDecodeAuth: Failed to parse attribute '" << item << "' in '" << temp << "'"); continue; -- 2.47.3