[PATCH] digest-md5 SASL challenges ending with a quoted value are parsed incorrectly

Yann Kerherve yann at cyberion.net
Wed Jan 21 16:05:49 EST 2009


Hi,

In the case where parse_challenge is at the last token of a challenge and
this token has a quoted value, then it needs to rewind one character when
cur is positioned at the terminal NULL.

This fixes an issue where libpurple would parse a realm value (for instance)
as 'myrealm"' instead of 'myrealm' resulting in chaos and failure of the
SASL negotiation.

I've seen this behaviour with Adium from subversion built with the latest
tarball of libpurple. Applying this patch cures the problem (for libpurple
without cyrus-sasl. It looks like stable binaries are built without,
but cyrus-sasl is enabled in 1.4svn)

exemple of challenge:

algorithm=md5-sess,charset=utf-8,cipher="rc4,3des,des,rc4-56,rc4-40",maxbuf=16777215,nonce="e6439a7176aada7255ef04569a664583",qop="auth,auth-conf,auth-int",realm="dev.local"

and bogus response from libpurple:

username="partya",realm="dev.local"",nonce="e6439a7176aada7255ef04569a664583",cnonce="3d19d459123251610177a3ccfe",nc=00000001,qop=auth,digest-uri="xmpp/dev.local"",response=e8061ff7a5342aad60223db62b6f70e7,charset=utf-8


Thanks,

Yann Kerherve


--- a/libpurple/protocols/jabber/auth.c
+++ b/libpurple/protocols/jabber/auth.c
@@ -753,7 +753,7 @@ static GHashTable* parse_challenge(const char *challenge)
                                val_end = cur;
                                while (val_end != val_start &&
(*val_end == ' ' || *val_end == ',' || *val_end == '\t'
                                                || *val_end == '\r' ||
*val_end == '\n'
-                                               || *val_end == '"'))
+                                               || *val_end == '"' ||
*val_end == '\0'))
                                        val_end--;

                                if (val_start != val_end)




More information about the Devel mailing list