Bug #2410

digest-md5 auth is wrongly implemented

Added by dmaciejak about 2 years ago. Updated about 2 years ago.

Status: Fixed
Start date: 2012-04-11
Priority: Urgent
Due date:
Assignee: -
% Done: 100%
Category: mod_auth
Estimated time: 1.00 hour
Target version: 1.4.31
Missing in 1.5.x: No

Description

Hi,

I was digging in the RFC for weeks about an issue I have in another project; it seems yours is also affected. The issue appears in the HA1 computation with the md5-sess algorithm in http_auth.c (around line 1096):

    if (algorithm &&
        strcasecmp(algorithm, "md5-sess") == 0) {
        // here there is a missing call to CvtHex(HA1, xxx);
        li_MD5_Init(&Md5Ctx);
        li_MD5_Update(&Md5Ctx, (unsigned char *)HA1, 16); // here the size is now 32 bytes
        li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
        li_MD5_Update(&Md5Ctx, (unsigned char *)nonce, strlen(nonce));
        li_MD5_Update(&Md5Ctx, (unsigned char *)":", 1);
        li_MD5_Update(&Md5Ctx, (unsigned char *)cnonce, strlen(cnonce));
        li_MD5_Final(HA1, &Md5Ctx);
    }
    CvtHex(HA1, a1);

as HA1 needs to be converted to a hex string of 32 bytes.
See errata 1649 at http://www.rfc-editor.org/errata_search.php?rfc=2617 for more info

Regards,
David Maciejak
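The two HA1 computations the report contrasts, as an added example that is neither the reporter's code nor lighttpd's: it uses Python's hashlib and the sample credentials from RFC 2617 section 3.5 (assumed here as test input), and shows that a server hashing the raw 16 digest bytes cannot verify a conforming MD5-sess client.

```python
import hashlib

# Constructed inputs: the sample credentials from RFC 2617 section 3.5,
# not values taken from the bug report itself.
USER, REALM, PASSWORD = "Mufasa", "testrealm@host.com", "Circle Of Life"
NONCE, CNONCE, NC = "dcd98b7102dd2f0e8b11d0f600bfb0c093", "0a4f113b", "00000001"
METHOD, URI, QOP = "GET", "/dir/index.html", "auth"


def md5_hex(data: bytes) -> str:
    """Return the MD5 digest as 32 lowercase hex characters (the CvtHex step)."""
    return hashlib.md5(data).hexdigest()


def ha1_rfc2617(algorithm: str, nonce: str = NONCE, cnonce: str = CNONCE) -> str:
    """HA1 per RFC 2617 with errata 1649: for MD5-sess the *hex string* of
    the inner digest is what gets hashed together with nonce and cnonce."""
    inner = md5_hex(f"{USER}:{REALM}:{PASSWORD}".encode())
    if algorithm.lower() == "md5-sess":
        return md5_hex(f"{inner}:{nonce}:{cnonce}".encode())
    return inner


def ha1_buggy_md5_sess(nonce: str = NONCE, cnonce: str = CNONCE) -> str:
    """The defect in the report: the 16 raw digest bytes are fed into the
    outer MD5 instead of their 32-character hex form."""
    raw = hashlib.md5(f"{USER}:{REALM}:{PASSWORD}".encode()).digest()
    return md5_hex(raw + f":{nonce}:{cnonce}".encode())


def digest_response(ha1: str) -> str:
    """qop=auth response = MD5(HA1:nonce:nc:cnonce:qop:HA2), HA2 = MD5(method:uri)."""
    ha2 = md5_hex(f"{METHOD}:{URI}".encode())
    return md5_hex(f"{ha1}:{NONCE}:{NC}:{CNONCE}:{QOP}:{ha2}".encode())


def server_accepts_conforming_client(server_ha1: str) -> bool:
    """Does a server holding server_ha1 verify the response that a conforming
    MD5-sess client sends? A server with the reported bug rejects every valid login."""
    client_response = digest_response(ha1_rfc2617("MD5-sess"))
    return digest_response(server_ha1) == client_response


if __name__ == "__main__":
    print("MD5 response:", digest_response(ha1_rfc2617("MD5")))
    print("conforming server accepts:", server_accepts_conforming_client(ha1_rfc2617("MD5-sess")))
    print("buggy server accepts:", server_accepts_conforming_client(ha1_buggy_md5_sess()))
```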

Associated revisions

Revision 2832
Added by stbuehler about 2 years ago

[mod_auth] Fix digest "md5-sess" implementation (Errata ID 1649, RFC 2617) (fixes #2410)

History

#1 Updated by stbuehler about 2 years ago

  • Status changed from New to Fixed
  • % Done changed from 0 to 100

Applied in changeset r2832.

#2 Updated by stbuehler about 2 years ago

  • Target version set to 1.4.31
