Author: Henrik Nordstrom <henrik@henriknordstrom.net>

Various other Digest parser fixes

* Correct debug message when failing to parse digest attributes
* Correct digest stale=false in POST workaround code
* Fix new digest parser shutdown code when digest auth not configured
* Sanity check of the username.
  " cannot be allowed in usernames until the digest helper protocol
  has been redone

diff --git a/src/auth/digest/auth_digest.cc b/src/auth/digest/auth_digest.cc
index c8285bdeeaa28b7e256ab318dc9f0fc5d0f36269..1ac84ad229fd65f4ba5b527bd5f3f3d25066b3ab 100644 (file)
--- a/src/auth/digest/auth_digest.cc
+++ b/src/auth/digest/auth_digest.cc
@@ -532,8 +532,10 @@ digestScheme::done()
     if (digestauthenticators)
         helperShutdown(digestauthenticators);
 
-    httpHeaderDestroyFieldsInfo(DigestFieldsInfo, DIGEST_ENUM_END);
-    DigestFieldsInfo = NULL;
+    if (DigestFieldsInfo) {
+       httpHeaderDestroyFieldsInfo(DigestFieldsInfo, DIGEST_ENUM_END);
+       DigestFieldsInfo = NULL;
+    }
 
     authdigest_initialised = 0;
 
@@ -670,6 +672,7 @@ AuthDigestUserRequest::authenticate(HttpRequest * request, ConnStateData * conn,
 
             if (strcasecmp(digest_request->response, Response)) {
                 credentials(Failed);
+                digest_request->flags.invalid_password = 1;
                 digest_request->setDenyMessage("Incorrect password");
                 return;
             } else {
@@ -1141,14 +1144,14 @@ AuthDigestConfig::decode(char const *proxy_auth)
         if (vlen > 0) {
             if (*p == '"') {
                 if (!httpHeaderParseQuotedString(p, &value)) {
-                    debugs(29, 9, "authDigestDecodeAuth: Failed to parse attribute '" << temp << "' in '" << proxy_auth << "'");
+                    debugs(29, 9, "authDigestDecodeAuth: Failed to parse attribute '" << item << "' in '" << temp << "'");
                     continue;
                 }
             } else {
                 value.limitInit(p, vlen);
             }
         } else {
-            debugs(29, 9, "authDigestDecodeAuth: Failed to parse attribute '" << temp << "' in '" << proxy_auth << "'");
+            debugs(29, 9, "authDigestDecodeAuth: Failed to parse attribute '" << item << "' in '" << temp << "'");
             continue;
         }
 
@@ -1214,7 +1217,7 @@ AuthDigestConfig::decode(char const *proxy_auth)
 
         default:
             debugs(29, 3, "authDigestDecodeAuth: Unknown attribute '" << item << "' in '" << temp << "'");
-
+            break;
         }
     }
 
@@ -1240,6 +1243,15 @@ AuthDigestConfig::decode(char const *proxy_auth)
         return authDigestLogUsername(username, digest_request);
     }
 
+    /* Sanity check of the username.
+     * " can not be allowed in usernames until * the digest helper protocol
+     * have been redone
+     */
+    if (strchr(username, '"')) {
+        debugs(29, 2, "authenticateDigestDecode: Unacceptable username '" << username << "'");
+        return authDigestLogUsername(username, digest_request);
+    }
+
     /* do we have a realm ? */
     if (!digest_request->realm || digest_request->realm[0] == '\0') {
         debugs(29, 2, "authenticateDigestDecode: Empty or not present realm");