Project

General

Profile

Bug #1844 ยป lighttpd-1.4.20-digest_auth.patch

michal.suszycki, 2008-12-12 18:53

View differences:

lighttpd-1.4.20/src/http_auth.c 2008-12-12 17:58:38.000000000 +0000
return -1;
}
/* protect against replay attacks */
if (0 != strncmp(con->request.uri->ptr, uri, con->request.uri->used)) {
log_error_write(srv, __FILE__, __LINE__, "sssbss",
"replay attack? digest uri:", uri, "doesn't match request-uri:",
con->request.uri, ", IP:", inet_ntop_cache_get_ip(srv, &(con->dst_addr)));
buffer_free(b);
return -1;
}
/**
* protect the md5-sess against missing cnonce and nonce
*/
    (1-1/1)