[packages/cyrus-sasl.git] / cyrus-sasl-digest-commas.patch

Pulled from CVS,  Ident strings removed to let the patch apply pretty cleanly.

===================================================================
RCS file: /afs/andrew.cmu.edu/system/cvs/src/sasl/plugins/digestmd5.c,v
retrieving revision 1.183
retrieving revision 1.184
diff -u -r1.183 -r1.184
--- src/sasl/plugins/digestmd5.c	2006/11/27 20:41:55	1.183
+++ src/sasl/plugins/digestmd5.c	2007/02/14 17:16:14	1.184
@@ -556,12 +556,17 @@
     return SASL_OK;
 }
 
+static int is_lws_char (char c)
+{
+    return (c == ' ' || c == HT || c == CR || c == LF);
+}
+
 static char *skip_lws (char *s)
 {
     if (!s) return NULL;
     
     /* skipping spaces: */
-    while (s[0] == ' ' || s[0] == HT || s[0] == CR || s[0] == LF) {
+    while (is_lws_char(s[0])) {
 	if (s[0] == '\0') break;
 	s++;
     }  
@@ -750,17 +755,30 @@
 static void get_pair(char **in, char **name, char **value)
 {
     char  *endpair;
-    /* int    inQuotes; */
     char  *curp = *in;
     *name = NULL;
     *value = NULL;
     
     if (curp == NULL) return;
-    if (curp[0] == '\0') return;
-    
-    /* skipping spaces: */
-    curp = skip_lws(curp);
-    
+
+    while (curp[0] != '\0') {
+	/* skipping spaces: */
+	curp = skip_lws(curp);
+        
+	/* 'LWS "," LWS "," ...' is allowed by the DIGEST-MD5 ABNF */
+	if (curp[0] == ',') {
+	    curp++;
+	} else {
+	    break;
+	}
+    }
+
+    if (curp[0] == '\0') {
+	/* End of the string is not an error */
+	*name = "";
+	return;
+    }
+
     *name = curp;
     
     curp = skip_token(curp,1);
@@ -787,22 +805,24 @@
     endpair = unquote (curp);
     if (endpair == NULL) { /* Unbalanced quotes */ 
 	*name = NULL;
+	*value = NULL;
 	return;
     }
-    if (endpair[0] != ',') {
-	if (endpair[0]!='\0') {
-	    *endpair++ = '\0'; 
-	}
+
+    /* An optional LWS is allowed after the value. Skip it. */
+    if (is_lws_char (endpair[0])) {
+	/* Remove the trailing LWS from the value */
+	*endpair++ = '\0'; 
+	endpair = skip_lws(endpair);
     }
-    
-    endpair = skip_lws(endpair);
-    
+
     /* syntax check: MUST be '\0' or ',' */  
     if (endpair[0] == ',') {
 	endpair[0] = '\0';
 	endpair++; /* skipping <,> */
     } else if (endpair[0] != '\0') { 
 	*name = NULL;
+	*value = NULL;
 	return;
     }
     
@@ -2090,9 +2110,17 @@
 	char           *name = NULL, *value = NULL;
 	get_pair(&in, &name, &value);
 	
-	if (name == NULL)
-	    break;
+	if (name == NULL) {
+	    SETERROR(sparams->utils,
+		     "Parse error");
+	    result = SASL_BADAUTH;
+	    goto FreeAllMem;
+	}
 	
+	if (*name == '\0') {
+	    break;
+	}
+
 	/* Extracting parameters */
 	
 	/*
@@ -3222,10 +3250,14 @@
 	/* if parse error */
 	if (name == NULL) {
 	    params->utils->seterror(params->utils->conn, 0, "Parse error");
-	    result = SASL_FAIL;
+	    result = SASL_BADAUTH;
 	    goto FreeAllocatedMem;
 	}
 	
+	if (*name == '\0') {
+	    break;
+	}
+
 	if (strcasecmp(name, "realm") == 0) {
 	    nrealm++;
 	    
@@ -3887,9 +3919,14 @@
 	if (name == NULL) {
 	    params->utils->seterror(params->utils->conn, 0,
 				    "DIGEST-MD5 Received Garbage");
+	    result = SASL_BADAUTH;
 	    break;
 	}
 	
+	if (*name == '\0') {
+	    break;
+	}
+
 	if (strcasecmp(name, "rspauth") == 0) {
 	    
 	    if (strcmp(text->response_value, value) != 0) {
Commit	Line	Data
3bc1351d JR	1	Pulled from CVS, Ident strings removed to let the patch apply pretty cleanly.
	2
	3	===================================================================
	4	RCS file: /afs/andrew.cmu.edu/system/cvs/src/sasl/plugins/digestmd5.c,v
	5	retrieving revision 1.183
	6	retrieving revision 1.184
	7	diff -u -r1.183 -r1.184
	8	--- src/sasl/plugins/digestmd5.c 2006/11/27 20:41:55 1.183
	9	+++ src/sasl/plugins/digestmd5.c 2007/02/14 17:16:14 1.184
	10	@@ -556,12 +556,17 @@
	11	return SASL_OK;
	12	}
	13
	14	+static int is_lws_char (char c)
	15	+{
	16	+ return (c == ' ' \|\| c == HT \|\| c == CR \|\| c == LF);
	17	+}
	18	+
	19	static char skip_lws (char s)
	20	{
	21	if (!s) return NULL;
	22
	23	/* skipping spaces: */
	24	- while (s[0] == ' ' \|\| s[0] == HT \|\| s[0] == CR \|\| s[0] == LF) {
	25	+ while (is_lws_char(s[0])) {
	26	if (s[0] == '\0') break;
	27	s++;
	28	}
	29	@@ -750,17 +755,30 @@
	30	static void get_pair(char in, char name, char **value)
	31	{
	32	char *endpair;
	33	- /* int inQuotes; */
	34	char curp = in;
	35	*name = NULL;
	36	*value = NULL;
	37
	38	if (curp == NULL) return;
	39	- if (curp[0] == '\0') return;
	40	-
	41	- /* skipping spaces: */
	42	- curp = skip_lws(curp);
	43	-
	44	+
	45	+ while (curp[0] != '\0') {
	46	+ /* skipping spaces: */
	47	+ curp = skip_lws(curp);
	48	+
	49	+ /* 'LWS "," LWS "," ...' is allowed by the DIGEST-MD5 ABNF */
	50	+ if (curp[0] == ',') {
	51	+ curp++;
	52	+ } else {
	53	+ break;
	54	+ }
	55	+ }
	56	+
	57	+ if (curp[0] == '\0') {
	58	+ /* End of the string is not an error */
	59	+ *name = "";
	60	+ return;
	61	+ }
	62	+
	63	*name = curp;
	64
65	curp = skip_token(curp,1);
66	@@ -787,22 +805,24 @@
67	endpair = unquote (curp);
68	if (endpair == NULL) { /* Unbalanced quotes */
69	*name = NULL;
70	+ *value = NULL;
71	return;
72	}
73	- if (endpair[0] != ',') {
74	- if (endpair[0]!='\0') {
75	- *endpair++ = '\0';
76	- }
77	+
78	+ /* An optional LWS is allowed after the value. Skip it. */
79	+ if (is_lws_char (endpair[0])) {
80	+ /* Remove the trailing LWS from the value */
81	+ *endpair++ = '\0';
82	+ endpair = skip_lws(endpair);
83	}
84	-
85	- endpair = skip_lws(endpair);
86	-
87	+
88	/* syntax check: MUST be '\0' or ',' */
89	if (endpair[0] == ',') {
90	endpair[0] = '\0';
91	endpair++; /* skipping <,> */
92	} else if (endpair[0] != '\0') {
93	*name = NULL;
94	+ *value = NULL;
95	return;
96	}
97
98	@@ -2090,9 +2110,17 @@
99	char name = NULL, value = NULL;
100	get_pair(&in, &name, &value);
101
102	- if (name == NULL)
103	- break;
104	+ if (name == NULL) {
105	+ SETERROR(sparams->utils,
106	+ "Parse error");
107	+ result = SASL_BADAUTH;
108	+ goto FreeAllMem;
109	+ }
110
111	+ if (*name == '\0') {
112	+ break;
113	+ }
114	+
115	/* Extracting parameters */
116
117	/*
118	@@ -3222,10 +3250,14 @@
119	/* if parse error */
120	if (name == NULL) {
121	params->utils->seterror(params->utils->conn, 0, "Parse error");
122	- result = SASL_FAIL;
123	+ result = SASL_BADAUTH;
124	goto FreeAllocatedMem;
125	}
126
127	+ if (*name == '\0') {
128	+ break;
129	+ }
130	+
131	if (strcasecmp(name, "realm") == 0) {
132	nrealm++;
133
134	@@ -3887,9 +3919,14 @@
135	if (name == NULL) {
136	params->utils->seterror(params->utils->conn, 0,
137	"DIGEST-MD5 Received Garbage");
138	+ result = SASL_BADAUTH;
139	break;
140	}
141
142	+ if (*name == '\0') {
143	+ break;
144	+ }
145	+
146	if (strcasecmp(name, "rspauth") == 0) {
147
148	if (strcmp(text->response_value, value) != 0) {