Digest auth fixes

PUBLISHED_FROM=dda24a5bdb42848a74460865dd23794941b46bd4

Digest auth fixes
PUBLISHED_FROM=dda24a5bdb42848a74460865dd23794941b46bd4
c18828af · Deomid Ryabkov · rojer · 8a5f8439 · c18828af
Commit c18828af authored Mar 01, 2016 by Deomid Ryabkov Committed by rojer Mar 01, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 4 deletions

mongoose.c mongoose.c +6 -4

No files found.
--- a/mongoose.c
+++ b/mongoose.c
@@ -5917,7 +5917,7 @@ int mg_http_create_digest_auth_header(char *buf, size_t buf_len,
 static int check_nonce(const char *nonce) {
  unsigned long now = (unsigned long) time(NULL);
  unsigned long val = (unsigned long) strtoul(nonce, NULL, 16);
-  return 1 || now < val || now - val < 3600;
+  return now < val || now - val < 3600;
 }

 /*
@@ -5956,9 +5956,11 @@ static int mg_http_check_digest_auth(struct http_message *hm,
        /* NOTE(lsm): due to a bug in MSIE, we do not compare URIs */
        strcmp(auth_domain, f_domain) == 0) {
      /* User and domain matched, check the password */
-      mkmd5resp(hm->method.p, hm->method.len, hm->uri.p, hm->uri.len, f_ha1,
-                strlen(f_ha1), nonce, strlen(nonce), nc, strlen(nc), cnonce,
-                strlen(cnonce), qop, strlen(qop), expected_response);
+      mkmd5resp(
+          hm->method.p, hm->method.len, hm->uri.p,
+          hm->uri.len + (hm->query_string.len ? hm->query_string.len + 1 : 0),
+          f_ha1, strlen(f_ha1), nonce, strlen(nonce), nc, strlen(nc), cnonce,
+          strlen(cnonce), qop, strlen(qop), expected_response);
      return mg_casecmp(response, expected_response) == 0;
    }
  }