From 2b9333c4b1e3dffbd078cb4a747cc4254f3aa78f Mon Sep 17 00:00:00 2001
From: Peter Lemenkov <lemenkov@gmail.com>
Date: Fri, 29 Jan 2010 19:16:18 +0300
Subject: [PATCH 3/3] Initial fix for RHBZ #559620.
Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
---
auth.c | 13 +++++++++----
1 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/auth.c b/auth.c
index 3e96037..6283d50 100644
--- a/auth.c
+++ b/auth.c
@@ -223,6 +223,7 @@ int createAuthHeaderMD5(char * user, char * password, int password_len, char * m
static unsigned int mync = 1;
int has_opaque = 0;
MD5_CTX Md5Ctx;
+ char tmpbuf[2048];
// Extract the Auth Type - If not present, using 'none'
cnonce[0] = '\0';
@@ -254,7 +255,8 @@ int createAuthHeaderMD5(char * user, char * password, int password_len, char * m
sprintf(result, "Digest username=\"%s\",realm=\"%s\"",user,tmp);
if (cnonce[0] != '\0') {
- sprintf(result, "%s,cnonce=\"%s\",nc=%s,qop=%s",result,cnonce,nc,authtype);
+ snprintf(tmpbuf, 2048, "%s,cnonce=\"%s\",nc=%s,qop=%s",result,cnonce,nc,authtype);
+ strcpy(result,tmpbuf);
}
// Construct the URI
@@ -284,7 +286,8 @@ int createAuthHeaderMD5(char * user, char * password, int password_len, char * m
MD5_Final(ha2, &Md5Ctx);
hashToHex(&ha2[0], &ha2_hex[0]);
- sprintf(result, "%s,uri=\"%s\"",result,tmp);
+ snprintf(tmpbuf, 2048, "%s,uri=\"%s\"",result,tmp);
+ strcpy(result,tmpbuf);
// Extract the Nonce
if (!getAuthParameter("nonce", auth, tmp, sizeof(tmp))) {
@@ -309,10 +312,12 @@ int createAuthHeaderMD5(char * user, char * password, int password_len, char * m
MD5_Final(resp, &Md5Ctx);
hashToHex(&resp[0], &resp_hex[0]);
- sprintf(result, "%s,nonce=\"%s\",response=\"%s\",algorithm=%s",result,tmp,resp_hex,algo);
+ snprintf(tmpbuf, 2048, "%s,nonce=\"%s\",response=\"%s\",algorithm=%s",result,tmp,resp_hex,algo);
+ strcpy(result,tmpbuf);
if (has_opaque) {
- sprintf(result, "%s,opaque=\"%s\"",result,opaque);
+ snprintf(tmpbuf, 2048, "%s,opaque=\"%s\"",result,opaque);
+ strcpy(result,tmpbuf);
}
return 1;
--
1.6.2.5