<p>Jaco Kroon has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.asterisk.org/8933">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">manager: fix digest auth for ami/http mechanisms.<br><br>ASTERISK-27841<br><br>Change-Id: I8bc5d148fd1ee6687a0f6680635ad16e34c5f01a<br>---<br>M main/manager.c<br>1 file changed, 20 insertions(+), 10 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/33/8933/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">
diff --git a/main/manager.c b/main/manager.c<br>
index 577c7f9..f7cbdfe 100644<br>
--- a/main/manager.c<br>
+++ b/main/manager.c<br>
@@ -8006,22 +8006,32 @@<br>
 <br>
      /* compute the expected response to compare with what we received */<br>
  {<br>
-            char a2[256];<br>
+                char *a2;<br>
             char a2_hash[256];<br>
            char resp[256];<br>
+              int a2len;<br>
 <br>
                 /* XXX Now request method are hardcoded in A2 */<br>
-             snprintf(a2, sizeof(a2), "%s:%s", ast_get_http_method(method), d.uri);<br>
-             ast_md5_hash(a2_hash, a2);<br>
+           a2len = snprintf(NULL, 0, "%s:%s", ast_get_http_method(method), d.uri);<br>
+            if (a2len < 0) {<br>
+                  *resp_hash = 0;<br>
+                      ast_log(LOG_ERROR, "Failed to compute alloc length for manager digest auth calculation for %s:%s.\n", ast_get_http_method(method), d.uri);<br>
+         } else {<br>
+                     a2 = alloca(a2len + 1);<br>
+                      snprintf(a2, a2len + 1, "%s:%s", ast_get_http_method(method), d.uri);<br>
+                      ast_md5_hash(a2_hash, a2);<br>
 <br>
-                if (d.qop) {<br>
-                 /* RFC 2617 */<br>
-                       snprintf(resp, sizeof(resp), "%s:%08lx:%s:%s:auth:%s", user->a1_hash, nonce, d.nc, d.cnonce, a2_hash);<br>
-          }  else {<br>
-                    /* RFC 2069 */<br>
-                       snprintf(resp, sizeof(resp), "%s:%08lx:%s", user->a1_hash, nonce, a2_hash);<br>
+                     if (d.qop) {<br>
+                         /* RFC 2617 */<br>
+                               if (snprintf(resp, sizeof(resp), "%s:%08lx:%s:%s:auth:%s", user->a1_hash, nonce, d.nc, d.cnonce, a2_hash) >= sizeof(resp))<br>
+                                   ast_log(LOG_ERROR, "snprintf overflow issue for RFC 2167 handling in digest auth.\n");<br>
+                     }  else {<br>
+                            /* RFC 2069 */<br>
+                               if (snprintf(resp, sizeof(resp), "%s:%08lx:%s", user->a1_hash, nonce, a2_hash) >= sizeof(resp))<br>
+                                      ast_log(LOG_ERROR, "snprintf overflow issue for RFC 2069 handling in digest auth.\n");<br>
+                     }<br>
+                    ast_md5_hash(resp_hash, resp);<br>
                }<br>
-            ast_md5_hash(resp_hash, resp);<br>
        }<br>
 <br>
  if (strncasecmp(d.response, resp_hash, strlen(resp_hash))) {<br>
</pre><p>To view, visit <a href="https://gerrit.asterisk.org/8933">change 8933</a>. To unsubscribe, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/8933"/><meta itemprop="name" content="View Change"/></div></div>
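Review bot: The new `a2len < 0` branch fails open: it sets `*resp_hash = 0`, so the context line `strncasecmp(d.response, resp_hash, strlen(resp_hash))` compares zero bytes and returns 0 whatever the client sent. The body of that `if` and the rest of the function are outside the hunk, but it reads as the mismatch path, so an internal formatting error would be handled as a matching digest; the check should reject an empty expected hash and compare the full string, e.g. `if (!*resp_hash || strcasecmp(d.response, resp_hash)) {`. The two `snprintf(resp, ...) >= sizeof(resp)` checks have the same weakness, since they only log and then hash the truncated `resp`; truncation should take the same rejection path instead of continuing. Separately, `alloca(a2len + 1)` sizes a stack allocation from `d.uri`, which presumably comes from the request's Authorization header, so unless its length is capped earlier (not visible here) a heap buffer or an explicit upper bound on `a2len` is the safer choice.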

<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>
<div style="display:none"> Gerrit-Change-Id: I8bc5d148fd1ee6687a0f6680635ad16e34c5f01a </div>
<div style="display:none"> Gerrit-Change-Number: 8933 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: Jaco Kroon <jaco@uls.co.za> </div>