diff options
author | Claudio Saavedra <csaavedra@igalia.com> | 2018-03-13 20:07:05 +0200 |
---|---|---|
committer | Claudio Saavedra <csaavedra@igalia.com> | 2018-03-17 10:33:17 +0200 |
commit | fedaa0f770a664646a978c9c9258de1cec0c695e (patch) | |
tree | 50cbe47804916af088922d26a2c74d59a908a232 /libsoup | |
parent | 0007d164002572cbd770dab8e0a36b00dba437eb (diff) | |
download | libsoup-fedaa0f770a664646a978c9c9258de1cec0c695e.tar.gz |
SoupAuthDomainDigest: Fix authentication with encoded uris
When the client is using absolute paths for Digest authentication,
we need to make sure that the digest URI is not encoded before
comparing it to the request URI, as some clients might provide
URIs encoded and SoupURI might already have decoded the request
URI.
Also modify server-auth-test.c to make this problem reproducible
and add a couple of test cases to make sure we don't regress.
https://bugzilla.gnome.org/show_bug.cgi?id=794208
Diffstat (limited to 'libsoup')
-rw-r--r-- | libsoup/soup-auth-domain-digest.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/libsoup/soup-auth-domain-digest.c b/libsoup/soup-auth-domain-digest.c index 5cb43150..8bdb5613 100644 --- a/libsoup/soup-auth-domain-digest.c +++ b/libsoup/soup-auth-domain-digest.c @@ -214,15 +214,20 @@ check_hex_urp (SoupAuthDomain *domain, SoupMessage *msg, return FALSE; } soup_uri_free (dig_uri); - } else { + } else { char *req_path; + char *dig_path; req_path = soup_uri_to_string (req_uri, TRUE); - if (strcmp (uri, req_path) != 0) { + dig_path = soup_uri_decode (uri); + + if (strcmp (dig_path, req_path) != 0) { g_free (req_path); + g_free (dig_path); return FALSE; } g_free (req_path); + g_free (dig_path); } /* Check qop; we only support "auth" for now */ |