romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-15 03:51:41 +03:00
Code Issues Projects Releases Packages Wiki Activity

digest: escape double quotes and backslashes in realm and nonce

Browse source 
change test 907 to use quote in realm to verify

Fixes #20482
Reported-by: cooldadpresident on github
Closes #20545
This commit is contained in:
Daniel Stenberg 2026-02-08 12:30:09 +01:00
parent afe9fdd1eb
commit 950c7bb174
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2
2 changed files with 19 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

22
lib/vauth/digest.c
View file

@ -354,6 +354,8 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
char method[] = "AUTHENTICATE";
char qop[] = DIGEST_QOP_VALUE_STRING_AUTH;
char *spn = NULL;
char *qrealm;
char *qnonce;
/* Decode the challenge message */
CURLcode result = auth_decode_digest_md5_message(chlg,
@ -467,12 +469,20 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
for(i = 0; i < MD5_DIGEST_LEN; i++)
curl_msnprintf(&resp_hash_hex[2 * i], 3, "%02x", digest[i]);
/* Generate the response */
response = curl_maprintf("username=\"%s\",realm=\"%s\",nonce=\"%s\","
"cnonce=\"%s\",nc=\"%s\",digest-uri=\"%s\","
"response=%s,qop=%s",
userp, realm, nonce,
cnonce, nonceCount, spn, resp_hash_hex, qop);
/* escape double quotes and backslashes in the realm and nonce as
necessary */
qrealm = auth_digest_string_quoted(realm);
qnonce = auth_digest_string_quoted(nonce);
if(qrealm && qnonce)
/* Generate the response */
response = curl_maprintf("username=\"%s\",realm=\"%s\",nonce=\"%s\","
"cnonce=\"%s\",nc=\"%s\",digest-uri=\"%s\","
"response=%s,qop=%s",
userp, qrealm, qnonce,
cnonce, nonceCount, spn, resp_hash_hex, qop);
curlx_free(qrealm);
curlx_free(qnonce);
curlx_free(spn);
if(!response)
return CURLE_OUT_OF_MEMORY;

6
tests/data/test907
View file

@ -14,8 +14,8 @@ RFC4954
<reply>
<servercmd>
AUTH DIGEST-MD5
REPLY AUTH 334 %b64[realm="curl",nonce="5300d17a1d695bd411e4cdf96f9548c23ced6175",algorithm=md5-sess,qop="auth"]b64%
REPLY %b64[username="user",realm="curl",nonce="5300d17a1d695bd411e4cdf96f9548c23ced6175",cnonce="34333231353332313633323137333231",nc="00000001",digest-uri="smtp/127.0.0.1",response=a27c4395f3386743be12207b7d1121c5,qop=auth]b64% 334 %b64[rspauth=9ea859cb9d90c37ca30d49d35378630c]b64%
REPLY AUTH 334 %b64[realm="cu\"rl",nonce="5300d17a1d695bd411e4cdf96f9548c23ced6175",algorithm=md5-sess,qop="auth"]b64%
REPLY %b64[username="user",realm="cu\"rl",nonce="5300d17a1d695bd411e4cdf96f9548c23ced6175",cnonce="34333231353332313633323137333231",nc="00000001",digest-uri="smtp/127.0.0.1",response=b7290e673d2ad888c445c9b2c7698d66,qop=auth]b64% 334 %b64[rspauth=9ea859cb9d90c37ca30d49d35378630c]b64%
REPLY 235 Authenticated
</servercmd>
</reply>
@ -50,7 +50,7 @@ smtp://%HOSTIP:%SMTPPORT/%TESTNUMBER --mail-rcpt recipient@example.com --mail-fr
<protocol crlf="yes">
EHLO %TESTNUMBER
AUTH DIGEST-MD5
%b64[username="user",realm="curl",nonce="5300d17a1d695bd411e4cdf96f9548c23ced6175",cnonce="34333231353332313633323137333231",nc="00000001",digest-uri="smtp/127.0.0.1",response=a27c4395f3386743be12207b7d1121c5,qop=auth]b64%
%b64[username="user",realm="cu\"rl",nonce="5300d17a1d695bd411e4cdf96f9548c23ced6175",cnonce="34333231353332313633323137333231",nc="00000001",digest-uri="smtp/127.0.0.1",response=b7290e673d2ad888c445c9b2c7698d66,qop=auth]b64%
MAIL FROM:%LTsender@example.com%GT
RCPT TO:%LTrecipient@example.com%GT