Skip Menu |
 

This queue is for tickets about the libwww-perl CPAN distribution.

Report information
The Basics
Id: 20889
Status: resolved
Priority: 0/
Queue: libwww-perl

People
Owner: Nobody in particular
Requestors: perl [...] intertivityNOSP4M.com
Cc:
AdminCc:

Bug Information
Severity: Critical
Broken in: 5.805
Fixed in: (no value)



Subject: Error in Authentication Digest Implementation
Download (untitled) / with headers
text/plain 821b
Hi, RFC 2617 says to calculate the digest of the body only if the auth-int is set in the qop option. The current version of LWP::Authen::Digest just ignores this and caculates the digest always when the method is POST or PUT. The following lines will fix it: my %resp = map { $_ => $auth_param->{$_} } qw(realm nonce opaque); @resp{qw(username uri response algorithm)} = ($user, $uri, $digest, "MD5"); # changes start here my $auth_qop = $auth_param->{qop} || ""; if ($auth_qop eq "auth") { @resp{qw(qop cnonce nc)} = ("auth", $cnonce, $nc); } my(@order) = qw(username realm qop algorithm uri nonce nc cnonce response); if($request->method =~ /^(?:POST|PUT)$/ && $auth_qop eq 'auth- int' ) { # changes end here $md5->add($request->content); my $content = $md5->hexdigest; HTH esskar


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.