invalid memory read in qop=auth-int "handling"
|Missing in 1.5.x:||No|
When qop == "auth-int" in an HTTP Digest authorization request, A2 is supposed to include an MD5sum of the message body. Currently, lighttpd computes the MD5 of random memory:
li_MD5_Update(&Md5Ctx, (unsigned char *)"", HASHHEXLEN);
This proposed patch correctly computes A2 when qop is "auth-int".
Also available in: Atom