Commit c18828af authored by Deomid Ryabkov's avatar Deomid Ryabkov Committed by rojer

Digest auth fixes

    PUBLISHED_FROM=dda24a5bdb42848a74460865dd23794941b46bd4
parent 8a5f8439
......@@ -5917,7 +5917,7 @@ int mg_http_create_digest_auth_header(char *buf, size_t buf_len,
static int check_nonce(const char *nonce) {
unsigned long now = (unsigned long) time(NULL);
unsigned long val = (unsigned long) strtoul(nonce, NULL, 16);
return 1 || now < val || now - val < 3600;
return now < val || now - val < 3600;
}
/*
......@@ -5956,8 +5956,10 @@ static int mg_http_check_digest_auth(struct http_message *hm,
/* NOTE(lsm): due to a bug in MSIE, we do not compare URIs */
strcmp(auth_domain, f_domain) == 0) {
/* User and domain matched, check the password */
mkmd5resp(hm->method.p, hm->method.len, hm->uri.p, hm->uri.len, f_ha1,
strlen(f_ha1), nonce, strlen(nonce), nc, strlen(nc), cnonce,
mkmd5resp(
hm->method.p, hm->method.len, hm->uri.p,
hm->uri.len + (hm->query_string.len ? hm->query_string.len + 1 : 0),
f_ha1, strlen(f_ha1), nonce, strlen(nonce), nc, strlen(nc), cnonce,
strlen(cnonce), qop, strlen(qop), expected_response);
return mg_casecmp(response, expected_response) == 0;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment