kiss9815 / mongoose

Automatically exported from code.google.com/p/mongoose
MIT License
0 stars 0 forks source link

Possible bug with digest authentication in mongoose 2.11 #230

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Create global .htpasswd, and attempt to authenticate with for instance 
Internet Explorer 8 and firefox 3.6

What is the expected output? What do you see instead?
Firefox will succeed, while IE fails.

What version of the product are you using? On what operating system?
Mongoose 2.11. Client with internet explorer are windows. 

Please provide any additional information below.

Authentication fails because IE has no whitespace in comma separated 
Authorization field in HTTP GET, while Firefox (and all other client I have 
tested with) has whitespace. If I have understood RFC2617 correctly, whitespace 
here is optional, so both browsers are handling the authentication correctly. 
What I have done do fix it is to alter parse_auth_header() by adding comma as a 
delimiter when splitting auth-header into name, value-pairs:
value = skip(&s, ", ");

As far as I can tell this solves the problem completely, and does not add any 
new bugs. 

Original issue reported on code.google.com by zana...@gmail.com on 16 Feb 2011 at 8:59

GoogleCodeExporter commented 9 years ago
Now I noticed that this had been taken care of in the most recent mongoose.c in 
the code repository. Sorry about the noise..I suppose this bug report can be 
closed :)

Original comment by zana...@gmail.com on 16 Feb 2011 at 9:03

GoogleCodeExporter commented 9 years ago
Yes, Arnout had fixed that.

Original comment by valenok on 19 Feb 2011 at 7:36