http_auth.c: Fix crash when opaque field is not present in challenge string

Closes: https://github.com/espressif/esp-idf/issues/5888
This commit is contained in:
Shubham Kulkarni 2020-10-01 14:32:50 +05:30
parent b951b5adec
commit 465d911052

View File

@ -72,6 +72,7 @@ char *http_auth_digest(const char *username, const char *password, esp_http_auth
char *ha1, *ha2 = NULL;
char *digest = NULL;
char *auth_str = NULL;
char *temp_auth_str = NULL;
if (username == NULL ||
password == NULL ||
@ -123,8 +124,13 @@ char *http_auth_digest(const char *username, const char *password, esp_http_auth
}
}
asprintf(&auth_str, "Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", algorithm=\"MD5\", "
"response=\"%s\", opaque=\"%s\", qop=%s, nc=%08x, cnonce=\"%016llx\"",
username, auth_data->realm, auth_data->nonce, auth_data->uri, digest, auth_data->opaque, auth_data->qop, auth_data->nc, auth_data->cnonce);
"response=\"%s\", qop=%s, nc=%08x, cnonce=\"%016llx\"",
username, auth_data->realm, auth_data->nonce, auth_data->uri, digest, auth_data->qop, auth_data->nc, auth_data->cnonce);
if (auth_data->opaque) {
asprintf(&temp_auth_str, "%s, opaque=\"%s\"", auth_str, auth_data->opaque);
free(auth_str);
auth_str = temp_auth_str;
}
_digest_exit:
free(ha1);
free(ha2);