3party/mongoose
0
0
Fork 0
mirror of https://github.com/cesanta/mongoose.git synced 2024-12-27 15:01:03 +08:00
Code Issues Projects Releases Wiki Activity

Digest auth fixes

Browse Source 
PUBLISHED_FROM=dda24a5bdb42848a74460865dd23794941b46bd4
This commit is contained in:
Deomid Ryabkov 2016-03-01 09:52:13 +00:00 committed by rojer
parent 8a5f8439b4
commit c18828af7b
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
mongoose.c
View File

@ -5917,7 +5917,7 @@ int mg_http_create_digest_auth_header(char *buf, size_t buf_len,
static int check_nonce(const char *nonce) {
unsigned long now = (unsigned long) time(NULL);
unsigned long val = (unsigned long) strtoul(nonce, NULL, 16);
return 1 || now < val || now - val < 3600;
return now < val || now - val < 3600;
}
/*
@ -5956,9 +5956,11 @@ static int mg_http_check_digest_auth(struct http_message *hm,
/* NOTE(lsm): due to a bug in MSIE, we do not compare URIs */
strcmp(auth_domain, f_domain) == 0) {
/* User and domain matched, check the password */
mkmd5resp(hm->method.p, hm->method.len, hm->uri.p, hm->uri.len, f_ha1,
strlen(f_ha1), nonce, strlen(nonce), nc, strlen(nc), cnonce,
strlen(cnonce), qop, strlen(qop), expected_response);
mkmd5resp(
hm->method.p, hm->method.len, hm->uri.p,
hm->uri.len + (hm->query_string.len ? hm->query_string.len + 1 : 0),
f_ha1, strlen(f_ha1), nonce, strlen(nonce), nc, strlen(nc), cnonce,
strlen(cnonce), qop, strlen(qop), expected_response);
return mg_casecmp(response, expected_response) == 0;
}
}