From 920d1c9dbb63b7e29d58454e29a510874755fc3c Mon Sep 17 00:00:00 2001
From: Henrik Nordstrom
Date: Sat, 6 Mar 2010 15:47:46 +0100
Subject: [PATCH] Sanity check of the username. " can not be allowed in usernames until the digest helper protocol have been redone
---
 src/auth/digest/auth_digest.cc | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/src/auth/digest/auth_digest.cc b/src/auth/digest/auth_digest.cc
index ff6fa09d2c..10c335fe7a 100644
--- a/src/auth/digest/auth_digest.cc
+++ b/src/auth/digest/auth_digest.cc
@@ -1236,6 +1236,15 @@ AuthDigestConfig::decode(char const *proxy_auth)
 return authDigestLogUsername(username, digest_request);
 }
+ /* Sanity check of the username.
+ * " can not be allowed in usernames until * the digest helper protocol
+ * have been redone
+ */
+ if (strchr(username, '"')) {
+ debugs(29, 2, "authenticateDigestDecode: Unacceptable username '" << username << "'");
+ return authDigestLogUsername(username, digest_request);
+ }
+
 /* do we have a realm ? */
 if (!digest_request->realm || digest_request->realm[0] == '\0') {
 debugs(29, 2, "authenticateDigestDecode: Empty or not present realm");
-- 
2.47.3
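Review bot: The added `strchr(username, '"')` test rejects exactly one byte, and the comment above it never says what breaks when a quote is present, so a later reader cannot judge whether other bytes need the same rejection. Presumably the quote delimits fields in the request handed to the digest helper (the helper code is not in this hunk); if that is right, say so in the comment, e.g. `/* '"' delimits fields in the digest helper request; reject it so a client-supplied username cannot change what the helper parses */`, and consider whether control characters need the same check if that request is line-framed. The `debugs(29, 2, ...)` line also writes the rejected, client-controlled username into the debug log verbatim, so logging it escaped or length-limited would keep the log trustworthy. `AuthDigestConfig::decode` starts and ends outside the hunk, so whether `username` is guaranteed non-NULL before `strchr` depends on the preceding check, of which only the tail is visible.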