Bug #1844 ยป lighttpd-1.4.20-digest_auth.patch
| lighttpd-1.4.20/src/http_auth.c 2008-12-12 17:58:38.000000000 +0000 | ||
|---|---|---|
|
return -1;
|
||
|
}
|
||
|
/* protect against replay attacks */
|
||
|
if (0 != strncmp(con->request.uri->ptr, uri, con->request.uri->used)) {
|
||
|
log_error_write(srv, __FILE__, __LINE__, "sssbss",
|
||
|
"replay attack? digest uri:", uri, "doesn't match request-uri:",
|
||
|
con->request.uri, ", IP:", inet_ntop_cache_get_ip(srv, &(con->dst_addr)));
|
||
|
buffer_free(b);
|
||
|
return -1;
|
||
|
}
|
||
|
/**
|
||
|
* protect the md5-sess against missing cnonce and nonce
|
||
|
*/
|
||