[Pidgin] #8206: digest-md5 SASL challenges ending with a quoted value are parsed incorrectly (with cyrus-sasl disabled)
Pidgin
trac at pidgin.im
Wed Jan 21 16:50:44 EST 2009
#8206: digest-md5 SASL challenges ending with a quoted value are parsed
incorrectly (with cyrus-sasl disabled)
------------------+---------------------------------------------------------
Reporter: yann | Type: defect
Status: new | Component: libpurple
Version: 2.5.4 | Keywords: sasl digest-md5 challenge quote
------------------+---------------------------------------------------------
In the case where parse_challenge is at the last token of a challenge and
this token has a quoted value, then it needs to rewind one character when
cur is positioned at the terminal NULL.
This fixes an issue where libpurple would parse a realm value (for
instance) as 'myrealm"' instead of 'myrealm' resulting in chaos and
failure of the SASL negotiation.
I've seen this behaviour with Adium from subversion built with the latest
tarball of libpurple. Applying this patch cures the problem (for libpurple
without cyrus-sasl. It looks like stable binaries are built without, but
cyrus-sasl is enabled in 1.4svn).
example of challenge:
algorithm=md5-sess,charset=utf-8,cipher="rc4,3des,des,rc4-56,rc4-40",maxbuf=16777215,nonce="e6439a7176aada7255ef04569a664583",qop="auth,auth-conf,auth-int",realm="dev.local"
and bogus response from libpurple:
username="partya",realm="dev.local"",nonce="e6439a7176aada7255ef04569a664583",cnonce="3d19d459123251610177a3ccfe",nc=00000001,qop=auth,digest-uri="xmpp/dev.local"",response=e8061ff7a5342aad60223db62b6f70e7,charset=utf-8
Thanks,
Yann Kerherve
--
Ticket URL: <http://developer.pidgin.im/ticket/8206>
Pidgin <http://pidgin.im>
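
An added example, not the ticket's patch and not libpurple's parse_challenge: a minimal C lookup for challenge fields that ends a quoted value at its closing quote, so a quoted last token such as realm is returned without a trailing '"'. The name digest_get and its signature are hypothetical, and backslash escapes inside quoted values are not handled.

```c
#include <stdio.h>
#include <string.h>
/* Find `key` in a DIGEST-MD5 style challenge: comma-separated key=value
 * pairs where a value may be double-quoted and then contain commas.
 * Copies the value, without quotes, into out. Returns 0 on success, -1 if
 * the key is absent, the input is malformed, or out is too small.
 * Simplification (assumption): no backslash escapes in quoted values. */
int digest_get(const char *challenge, const char *key, char *out, size_t outlen)
{
    const char *cur = challenge;
    size_t klen = strlen(key);
    while (*cur != '\0') {
        while (*cur == ',' || *cur == ' ') cur++;   /* skip separators */
        const char *name = cur;
        while (*cur != '\0' && *cur != '=') cur++;
        if (*cur == '\0') return -1;                /* no '=' in token */
        size_t nlen = (size_t)(cur - name);
        cur++;                                      /* step over '=' */
        const char *val, *end;
        if (*cur == '"') {
            val = ++cur;
            while (*cur != '\0' && *cur != '"') cur++;
            if (*cur == '\0') return -1;            /* unterminated quote */
            end = cur;   /* value ends at the closing quote itself */
            cur++;       /* may now rest on the terminating NUL */
        } else {
            val = cur;
            while (*cur != '\0' && *cur != ',') cur++;
            end = cur;
        }
        if (nlen == klen && strncmp(name, key, klen) == 0) {
            size_t vlen = (size_t)(end - val);
            if (vlen >= outlen) return -1;
            memcpy(out, val, vlen);
            out[vlen] = '\0';
            return 0;
        }
    }
    return -1;
}

int main(void)
{
    /* Abbreviated form of the ticket's challenge; realm is last and quoted. */
    const char *c = "algorithm=md5-sess,cipher=\"rc4,3des\",realm=\"dev.local\"";
    char realm[64];
    if (digest_get(c, "realm", realm, sizeof realm) == 0) printf("realm=%s\n", realm);
    return 0;
}
```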