>Number: 4957
>Category: mod_digest
>Synopsis: mod_auth_digest failed with incorrect nonce value
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: apache
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Fri Sep 3 09:30:00 PDT 1999
>Last-Modified:
>Originator: [EMAIL PROTECTED]
>Organization:
apache
>Release: 1.3.9
>Environment:
HP-UX 10.20 (HP-UX hpial41 B.10.20 C 9000/712 2013012526 32-user license)
HP-UX 11.00
>Description:
check_nonce code in mod_auth_digest code does not work correctly in HP-UX CC
compiler where the strcmp(hash, resp->nonce+NONCE_TIME_LEN) always failed.
I modified the mod_auth_digest code to extract the hash from resp->nonce and it
works for HP-UX 10.20 and HPUX 11.0. the diff is below.
>How-To-Repeat:
>Fix:
the attached code should fix it.
*** mod_auth_digest.c.org Fri Sep 3 09:04:19 1999
--- mod_auth_digest.c Fri Sep 3 09:05:45 1999
***************
*** 1332,1338 ****
{
double dt;
time_rec nonce_time;
! char tmp, hash[NONCE_HASH_LEN+1];
if (strlen(resp->nonce) != NONCE_LEN) {
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
--- 1332,1338 ----
{
double dt;
time_rec nonce_time;
! char tmp, r_hash[NONCE_HASH_LEN+1], hash[NONCE_HASH_LEN+1];
if (strlen(resp->nonce) != NONCE_LEN) {
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
***************
*** 1342,1347 ****
--- 1342,1351 ----
return AUTH_REQUIRED;
}
+ /*extract the nonce hash code for later use*/
+ memset(r_hash, '\0', NONCE_HASH_LEN+1);
+ strncpy(r_hash, &resp->nonce[NONCE_TIME_LEN],
strlen(resp->nonce)-NONCE_TIME_LEN);
+
tmp = resp->nonce[NONCE_TIME_LEN];
resp->nonce[NONCE_TIME_LEN] = '\0';
ap_base64decode_binary(nonce_time.arr, resp->nonce);
***************
*** 1349,1358 ****
resp->nonce[NONCE_TIME_LEN] = tmp;
resp->nonce_time = nonce_time.time;
! if (strcmp(hash, resp->nonce+NONCE_TIME_LEN)) {
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
"Digest: invalid nonce %s received - hash is not %s",
! resp->nonce, hash);
note_digest_auth_failure(r, conf, resp, 1);
return AUTH_REQUIRED;
}
--- 1353,1362 ----
resp->nonce[NONCE_TIME_LEN] = tmp;
resp->nonce_time = nonce_time.time;
! if (strcmp(hash, r_hash)) {
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
"Digest: invalid nonce %s received - hash is not %s",
! r_hash, hash);
note_digest_auth_failure(r, conf, resp, 1);
return AUTH_REQUIRED;
}
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, you need]
[to include <[EMAIL PROTECTED]> in the Cc line and make sure the]
[subject line starts with the report component and number, with ]
[or without any 'Re:' prefixes (such as "general/1098:" or ]
["Re: general/1098:"). If the subject doesn't match this ]
[pattern, your message will be misfiled and ignored. The ]
["apbugs" address is not added to the Cc line of messages from ]
[the database automatically because of the potential for mail ]
[loops. If you do not include this Cc, your reply may be ig- ]
[nored unless you are responding to an explicit request from a ]
[developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]
