Merge branch 'bugfix/fix_http_auth_without_qop' into 'master'

fix(esp_http_client): Fix http digest auth without qop

Closes IDFGH-11876

See merge request espressif/esp-idf!28570
This commit is contained in:
Mahavir Jain 2024-01-25 11:48:53 +08:00
commit 0e7908369f
2 changed files with 21 additions and 3 deletions

View File

@ -619,7 +619,6 @@ static esp_err_t esp_http_client_prepare(esp_http_client_handle_t client)
}
client->auth_data->cnonce = ((uint64_t)esp_random() << 32) + esp_random();
auth_response = http_auth_digest(client->connection_info.username, client->connection_info.password, client->auth_data);
client->auth_data->nc ++;
#endif
}

View File

@ -172,19 +172,38 @@ char *http_auth_digest(const char *username, const char *password, esp_http_auth
goto _digest_exit;
}
} else {
/* Although as per RFC-2617, "qop" directive is optional in order to maintain backward compatibality, it is recommended
to use it if the server indicated that qop is supported. This enhancement was introduced to protect against attacks
like chosen-plaintext attack. */
ESP_LOGW(TAG, "\"qop\" directive not found. This may lead to attacks like chosen-plaintext attack");
// response=digest_func(HA1:nonce:HA2)
if (digest_func(digest, "%s:%s:%s", ha1, auth_data->nonce, ha2) <= 0) {
goto _digest_exit;
}
}
int rc = asprintf(&auth_str, "Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", algorithm=%s, "
"response=\"%s\", qop=%s, nc=%08x, cnonce=\"%016"PRIx64"\"",
username, auth_data->realm, auth_data->nonce, auth_data->uri, auth_data->algorithm, digest, auth_data->qop, auth_data->nc, auth_data->cnonce);
"response=\"%s\"", username, auth_data->realm, auth_data->nonce, auth_data->uri, auth_data->algorithm, digest);
if (rc < 0) {
ESP_LOGE(TAG, "asprintf() returned: %d", rc);
ret = ESP_FAIL;
goto _digest_exit;
}
if (auth_data->qop) {
rc = asprintf(&temp_auth_str, ", qop=%s, nc=%08x, cnonce=\"%016"PRIx64"\"", auth_data->qop, auth_data->nc, auth_data->cnonce);
if (rc < 0) {
ESP_LOGE(TAG, "asprintf() returned: %d", rc);
ret = ESP_FAIL;
goto _digest_exit;
}
auth_str = http_utils_append_string(&auth_str, temp_auth_str, strlen(temp_auth_str));
if (!auth_str) {
ret = ESP_FAIL;
goto _digest_exit;
}
free(temp_auth_str);
auth_data->nc ++;
}
if (auth_data->opaque) {
rc = asprintf(&temp_auth_str, "%s, opaque=\"%s\"", auth_str, auth_data->opaque);
// Free the previous memory allocated for `auth_str`