Partial fix for issue#209: don't crash when some Authorization fields are missing.

parent aef344f0
...@@ -1983,6 +1983,12 @@ static int check_password(const char *method, const char *ha1, const char *uri, ...@@ -1983,6 +1983,12 @@ static int check_password(const char *method, const char *ha1, const char *uri,
const char *qop, const char *response) { const char *qop, const char *response) {
char ha2[32 + 1], expected_response[32 + 1]; char ha2[32 + 1], expected_response[32 + 1];
// Some of the parameters may be NULL
if (method == NULL || nonce == NULL || nc == NULL || cnonce == NULL ||
qop == NULL || response == NULL) {
return 0;
}
// NOTE(lsm): due to a bug in MSIE, we do not compare the URI // NOTE(lsm): due to a bug in MSIE, we do not compare the URI
// TODO(lsm): check for authentication timeout // TODO(lsm): check for authentication timeout
if (// strcmp(dig->uri, c->ouri) != 0 || if (// strcmp(dig->uri, c->ouri) != 0 ||
...@@ -2095,6 +2101,8 @@ static int parse_auth_header(struct mg_connection *conn, char *buf, ...@@ -2095,6 +2101,8 @@ static int parse_auth_header(struct mg_connection *conn, char *buf,
// CGI needs it as REMOTE_USER // CGI needs it as REMOTE_USER
if (ah->user != NULL) { if (ah->user != NULL) {
conn->request_info.remote_user = mg_strdup(ah->user); conn->request_info.remote_user = mg_strdup(ah->user);
} else {
return 0;
} }
return 1; return 1;
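Review bot: The new NULL guard at the top of check_password tests method, nonce, nc, cnonce, qop and response, but leaves out `uri` and `ha1`, both of which appear in the signature shown in the hunk header. If `uri` is filled from the client's Authorization header like the other digest fields, a request that omits it still passes the guard. The rest of the function lies outside the hunk, so how `uri` is consumed there should be confirmed. I would extend the first line of the condition to `if (method == NULL || ha1 == NULL || uri == NULL || nonce == NULL || nc == NULL || cnonce == NULL ||` and add a one-line comment stating that any missing digest field is treated as an authentication failure.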