Re: [REVIEW] Carefully verify digest responses

From: Amos Jeffries <>
Date: Wed, 03 Mar 2010 22:19:45 +1300

Henrik Nordstrom wrote:
> First drop of improved digest auth parser.
> Focused on the parser & input validation, but as you can see there is
> further room for improvement by moving more processing over to String.
> The state of the old parser was rather scary.. not even comparing field
> names correctly and several other ugly things...
> Comments are very welcome while I validate the parser changes. Expect to
> submit this for merge in a day or two.
> A note of warning: This changes the quoted-string parser to actually
> parse quoted-string.. which impacts the Surrogate-Control parser. If
> that uses the parsed value to construct a new header then we also need
> to make sure to properly produce quoted-string as the value is now
> normalized as a token (quotes & escapes removed) where it before just
> had the quotes removed.
> Regards
> Henrik

Logic looks okay at face value.
Hope it pans out in the testing. :)

This debugs seems to have incorrect output for the test being done:
+ /* check cnonce */
+ if (!digest_request->cnonce || digest_request->cnonce[0] == '\0') {
+ debugs(29, 2, "authenticateDigestDecode: Missing URI field");
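Review bot: The debugs() text in the cnonce branch reads "Missing URI field", but the condition tests digest_request->cnonce, so a request rejected for an absent or empty cnonce is logged as a URI problem. Change the message to name the field being checked, e.g. "authenticateDigestDecode: Missing cnonce field", so the level-2 log identifies the value that actually failed validation.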


Please be using
   Current Stable Squid 2.7.STABLE7 or 3.0.STABLE24
   Current Beta Squid
Received on Wed Mar 03 2010 - 09:19:53 MST
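
The quoted-string warning in Henrik's mail, as an added example (not code from the patch or from Squid): once a value is normalized by removing quotes and escapes, it has to be re-escaped before it is written into a new header, or an embedded quote ends the string early. The helper names `stripQuotesOnly`, `unquote` and `quote` and the sample value are assumptions made for illustration.

```cpp
#include <iostream>
#include <string>

// Old behaviour described in the mail: only the surrounding quotes are removed.
std::string stripQuotesOnly(const std::string &in)
{
    if (in.size() >= 2 && in.front() == '"' && in.back() == '"')
        return in.substr(1, in.size() - 2);
    return in;
}

// Hypothetical helper: decode a quoted-string (quotes and backslash escapes
// removed). Returns false on malformed input instead of guessing.
bool unquote(const std::string &in, std::string &out)
{
    out.clear();
    if (in.size() < 2 || in.front() != '"')
        return false;
    for (std::string::size_type i = 1; i < in.size(); ++i) {
        if (in[i] == '\\') {            // quoted-pair: next char is literal
            if (++i >= in.size())
                return false;           // dangling backslash
            out += in[i];
        } else if (in[i] == '"') {
            return i + 1 == in.size();  // closing quote must end the value
        } else {
            out += in[i];
        }
    }
    return false;                       // closing quote never seen
}

// Hypothetical helper: produce a quoted-string from a normalized value.
std::string quote(const std::string &value)
{
    std::string out = "\"";
    for (char c : value) {
        if (c == '"' || c == '\\')
            out += '\\';                // re-escape what unquote() removed
        out += c;
    }
    return out + '"';
}

int main()
{
    const std::string wire = "\"a\\\"b\"";   // constructed sample: "a\"b"
    std::string value;
    if (unquote(wire, value))
        std::cout << value << " -> " << quote(value) << '\n';
}
```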
