durusmail: qp: Digest authentication problem
Digest authentication problem
2008-05-09
Maas-Maarten Zeeman
2008-05-09
Maas-Maarten Zeeman
2008-05-09
Binger David
Digest authentication problem
Maas-Maarten Zeeman
2008-05-09
Hello,

The solution is simple. The line:

item_split = item.split('=')

In publish.py, ensure_signed_in_using_digest

Should be:

item_split = item.split('=', 1)

to prevent an extra split on uri's values like uri="/q/p?spam=eggs". If
this happens with the current code the uri is not correctly processed,
and authentication will fail. The fix will prevent this.

Regards,

Maas


> Hello,
>
> Just discovered a digest authentication bug. The bug is triggered when
> the uri contains parameters. If that is the case the
> http_authentication parameters are not parsed correctly, and
> authentication fails. The reason for this is that the parameter line
> is split on the '=', which can in some cases be a valid character in
> the uri itself.
>
> Working on a solution.
>
> Regards,
>
> Maas-Maarten Zeeman
> _______________________________________________
> QP mailing list
> QP@mems-exchange.org
> http://mail.mems-exchange.org/mailman/listinfo/qp
>
>
reply