http_auth.c: Fix crash when opaque field is not present in challenge string

Closes: https://github.com/espressif/esp-idf/issues/5888
2024-10-05 20:47:46 -04:00 · 2020-10-01 14:32:50 +05:30 · 2020-10-01 14:32:50 +05:30 · 670144ed7c
commit 670144ed7c
parent 3194bba14d
1 changed files with 8 additions and 2 deletions
--- a/components/esp_http_client/lib/http_auth.c
+++ b/components/esp_http_client/lib/http_auth.c
@ -72,6 +72,7 @@ char *http_auth_digest(const char *username, const char *password, esp_http_auth
    char *ha1, *ha2 = NULL;
    char *digest = NULL;
    char *auth_str = NULL;
+    char *temp_auth_str = NULL;

    if (username == NULL ||
        password == NULL ||
@ -123,8 +124,13 @@ char *http_auth_digest(const char *username, const char *password, esp_http_auth
        }
    }
    asprintf(&auth_str, "Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", algorithm=\"MD5\", "
-             "response=\"%s\", opaque=\"%s\", qop=%s, nc=%08x, cnonce=\"%016llx\"",
-             username, auth_data->realm, auth_data->nonce, auth_data->uri, digest, auth_data->opaque, auth_data->qop, auth_data->nc, auth_data->cnonce);
+             "response=\"%s\", qop=%s, nc=%08x, cnonce=\"%016llx\"",
+             username, auth_data->realm, auth_data->nonce, auth_data->uri, digest, auth_data->qop, auth_data->nc, auth_data->cnonce);
+    if (auth_data->opaque) {
+        asprintf(&temp_auth_str, "%s, opaque=\"%s\"", auth_str, auth_data->opaque);
+        free(auth_str);
+        auth_str = temp_auth_str;
+    }
 _digest_exit:
    free(ha1);
    free(ha2);