From ed606e1323ca7243308237256e80c3a9cb500874 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Bri=C3=A8re?= Date: Sat, 21 Sep 2019 11:24:11 -0400 Subject: Support multiple WWW-Authenticate/Proxy-Authenticate headers The server may send multiple WWW-Authenticate/Proxy-Authenticate headers, with different digest algorithms, in decreasing order of preference. We must therefore avoid overwriting any supported challenge once we've got a hold of one. Closes #162 --- src/parser/hdr_www_authenticate.cpp | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/parser/hdr_www_authenticate.cpp b/src/parser/hdr_www_authenticate.cpp index ae87e99..2deb787 100644 --- a/src/parser/hdr_www_authenticate.cpp +++ b/src/parser/hdr_www_authenticate.cpp @@ -17,10 +17,23 @@ #include "hdr_www_authenticate.h" #include "definitions.h" +#include "util.h" t_hdr_www_authenticate::t_hdr_www_authenticate() : t_header("WWW-Authenticate") {} void t_hdr_www_authenticate::set_challenge(const t_challenge &c) { + // The server may send multiple WWW-Authenticate/Proxy-Authenticate + // headers, with different digest algorithms, in decreasing order of + // preference. We must therefore avoid overwriting any supported + // challenge once we've got a hold of one. (We don't simply ignore + // all unsupported challenges, however, just in case the server forgot + // to include a Digest challenge.) + if (populated) { + // Don't overwrite the previous challenge if it was supported + if (cmp_nocase(challenge.auth_scheme, AUTH_DIGEST) == 0) { + return; + } + } populated = true; challenge = c; } -- cgit v1.2.3