git-market/curl-curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-11 12:01:42 +08:00
Code Issues Actions 14 Packages Projects Releases Wiki Activity

digest: pass in the user name quoted (as well)

Browse Source 
For cases where the user puts a double quote or backspace in the user
name.

Adjusted test 907 to verify

Reported-by: am-perip on hackerone

Closes #20940
This commit is contained in:
Daniel Stenberg 2026-03-16 16:23:49 +01:00
parent 8423cc8e3b
commit 3e8df37885
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
2 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
lib/vauth/digest.c
View File

@ -356,6 +356,7 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
char *spn = NULL;
char *qrealm;
char *qnonce;
char *quserp;
/* Decode the challenge message */
CURLcode result = auth_decode_digest_md5_message(chlg,
@ -469,20 +470,22 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
for(i = 0; i < MD5_DIGEST_LEN; i++)
curl_msnprintf(&resp_hash_hex[2 * i], 3, "%02x", digest[i]);
/* escape double quotes and backslashes in the realm and nonce as
/* escape double quotes and backslashes in the username, realm and nonce as
necessary */
qrealm = auth_digest_string_quoted(realm);
qnonce = auth_digest_string_quoted(nonce);
if(qrealm && qnonce)
quserp = auth_digest_string_quoted(userp);
if(qrealm && qnonce && quserp)
/* Generate the response */
response = curl_maprintf("username=\"%s\",realm=\"%s\",nonce=\"%s\","
"cnonce=\"%s\",nc=\"%s\",digest-uri=\"%s\","
"response=%s,qop=%s",
userp, qrealm, qnonce,
quserp, qrealm, qnonce,
cnonce, nonceCount, spn, resp_hash_hex, qop);
curlx_free(qrealm);
curlx_free(qnonce);
curlx_free(quserp);
curlx_free(spn);
if(!response)
return CURLE_OUT_OF_MEMORY;

6
tests/data/test907
View File

@ -15,7 +15,7 @@ RFC4954
<servercmd>
AUTH DIGEST-MD5
REPLY AUTH 334 %b64[realm="cu\"rl",nonce="5300d17a1d695bd411e4cdf96f9548c23ced6175",algorithm=md5-sess,qop="auth"]b64%
REPLY %b64[username="user",realm="cu\"rl",nonce="5300d17a1d695bd411e4cdf96f9548c23ced6175",cnonce="34333231353332313633323137333231",nc="00000001",digest-uri="smtp/127.0.0.1",response=b7290e673d2ad888c445c9b2c7698d66,qop=auth]b64% 334 %b64[rspauth=9ea859cb9d90c37ca30d49d35378630c]b64%
REPLY %b64[username="us\"er",realm="cu\"rl",nonce="5300d17a1d695bd411e4cdf96f9548c23ced6175",cnonce="34333231353332313633323137333231",nc="00000001",digest-uri="smtp/127.0.0.1",response=53d3347e1b559d23be78934ae4a78488,qop=auth]b64% 334 %b64[rspauth=9ea859cb9d90c37ca30d49d35378630c]b64%
REPLY 235 Authenticated
</servercmd>
</reply>
@ -41,7 +41,7 @@ SMTP DIGEST-MD5 authentication
mail body
</stdin>
<command>
smtp://%HOSTIP:%SMTPPORT/%TESTNUMBER --mail-rcpt recipient@example.com --mail-from sender@example.com -u user:secret -T -
smtp://%HOSTIP:%SMTPPORT/%TESTNUMBER --mail-rcpt recipient@example.com --mail-from sender@example.com -u "us\"er:secret" -T -
</command>
</client>
@ -50,7 +50,7 @@ smtp://%HOSTIP:%SMTPPORT/%TESTNUMBER --mail-rcpt recipient@example.com --mail-fr
<protocol crlf="yes">
EHLO %TESTNUMBER
AUTH DIGEST-MD5
%b64[username="user",realm="cu\"rl",nonce="5300d17a1d695bd411e4cdf96f9548c23ced6175",cnonce="34333231353332313633323137333231",nc="00000001",digest-uri="smtp/127.0.0.1",response=b7290e673d2ad888c445c9b2c7698d66,qop=auth]b64%
%b64[username="us\"er",realm="cu\"rl",nonce="5300d17a1d695bd411e4cdf96f9548c23ced6175",cnonce="34333231353332313633323137333231",nc="00000001",digest-uri="smtp/127.0.0.1",response=53d3347e1b559d23be78934ae4a78488,qop=auth]b64%
MAIL FROM:%LTsender@example.com%GT
RCPT TO:%LTrecipient@example.com%GT