Commit | Line | Data |
---|---|---|
3bc1351d JR |
1 | Pulled from CVS, Ident strings removed to let the patch apply pretty cleanly. |
2 | ||
3 | =================================================================== | |
4 | RCS file: /afs/andrew.cmu.edu/system/cvs/src/sasl/plugins/digestmd5.c,v | |
5 | retrieving revision 1.183 | |
6 | retrieving revision 1.184 | |
7 | diff -u -r1.183 -r1.184 | |
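--- a/src/sasl/plugins/digestmd5.c
+++ b/src/sasl/plugins/digestmd5.c
@@ -556,12 +556,17 @@
 return SASL_OK;
 }
 
+static int is_lws_char (char c)
+{
+ return (c == ' ' || c == HT || c == CR || c == LF);
+}
+
 static char *skip_lws (char *s)
 {
 if (!s) return NULL;
 
 /* skipping spaces: */
- while (s[0] == ' ' || s[0] == HT || s[0] == CR || s[0] == LF) {
+ while (is_lws_char(s[0])) {
 if (s[0] == '\0') break;
 s++;
 }
@@ -750,17 +755,30 @@
 static void get_pair(char **in, char **name, char **value)
 {
 char *endpair;
- /* int inQuotes; */
 char *curp = *in;
 *name = NULL;
 *value = NULL;
 
 if (curp == NULL) return;
- if (curp[0] == '\0') return;
-
- /* skipping spaces: */
- curp = skip_lws(curp);
-
+
+ while (curp[0] != '\0') {
+ /* skipping spaces: */
+ curp = skip_lws(curp);
+
+ /* 'LWS "," LWS "," ...' is allowed by the DIGEST-MD5 ABNF */
+ if (curp[0] == ',') {
+ curp++;
+ } else {
+ break;
+ }
+ }
+
+ if (curp[0] == '\0') {
+ /* End of the string is not an error */
+ *name = "";
+ return;
+ }
+
 *name = curp;
 
 curp = skip_token(curp,1);
@@ -787,22 +805,24 @@
 endpair = unquote (curp);
 if (endpair == NULL) { /* Unbalanced quotes */
 *name = NULL;
+ *value = NULL;
 return;
 }
- if (endpair[0] != ',') {
- if (endpair[0]!='\0') {
- *endpair++ = '\0';
- }
+
+ /* An optional LWS is allowed after the value. Skip it. */
+ if (is_lws_char (endpair[0])) {
+ /* Remove the trailing LWS from the value */
+ *endpair++ = '\0';
+ endpair = skip_lws(endpair);
 }
-
- endpair = skip_lws(endpair);
-
+
 /* syntax check: MUST be '\0' or ',' */
 if (endpair[0] == ',') {
 endpair[0] = '\0';
 endpair++; /* skipping <,> */
 } else if (endpair[0] != '\0') {
 *name = NULL;
+ *value = NULL;
 return;
 }
 
@@ -2090,9 +2110,17 @@
 char *name = NULL, *value = NULL;
 get_pair(&in, &name, &value);
 
- if (name == NULL)
- break;
+ if (name == NULL) {
+ SETERROR(sparams->utils,
+ "Parse error");
+ result = SASL_BADAUTH;
+ goto FreeAllMem;
+ }
 
+ if (*name == '\0') {
+ break;
+ }
+
 /* Extracting parameters */
 
 /*
@@ -3222,10 +3250,14 @@
 /* if parse error */
 if (name == NULL) {
 params->utils->seterror(params->utils->conn, 0, "Parse error");
- result = SASL_FAIL;
+ result = SASL_BADAUTH;
 goto FreeAllocatedMem;
 }
 
+ if (*name == '\0') {
+ break;
+ }
+
 if (strcasecmp(name, "realm") == 0) {
 nrealm++;
 
@@ -3887,9 +3919,14 @@
 if (name == NULL) {
 params->utils->seterror(params->utils->conn, 0,
 "DIGEST-MD5 Received Garbage");
+ result = SASL_BADAUTH;
 break;
 }
 
+ if (*name == '\0') {
+ break;
+ }
+
 if (strcasecmp(name, "rspauth") == 0) {
 
 if (strcmp(text->response_value, value) != 0) {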
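Review bot: The empty-string sentinel that get_pair now returns for end of input (`*name = "";`) is in-band, so the three callers' `if (*name == '\0') break;` checks cannot tell a clean end of the message from a pair whose name token is empty. If the part of get_pair outside these hunks terminates the name in place at the `=` (not visible here, so this is an inference), a directive with nothing before `=` would stop parsing silently and leave the rest of the message unvalidated instead of returning SASL_BADAUTH. Rejecting an empty token right after `curp = skip_token(curp,1);`, for example with `if (curp == *name) { *name = NULL; return; }`, would keep the sentinel unambiguous. Separately, `if (s[0] == '\0') break;` in skip_lws is now unreachable because is_lws_char never matches NUL, and the string literal stored in `*name` deserves a comment saying that callers must not write through it.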