From 670144ed7cc33001703f11d183d468cefe623c25 Mon Sep 17 00:00:00 2001 From: Shubham Kulkarni Date: Thu, 1 Oct 2020 14:32:50 +0530 Subject: [PATCH] http_auth.c: Fix crash when opaque field is not present in challenge string Closes: https://github.com/espressif/esp-idf/issues/5888 --- components/esp_http_client/lib/http_auth.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/components/esp_http_client/lib/http_auth.c b/components/esp_http_client/lib/http_auth.c index 7463a92f59..55016403f0 100644 --- a/components/esp_http_client/lib/http_auth.c +++ b/components/esp_http_client/lib/http_auth.c @@ -72,6 +72,7 @@ char *http_auth_digest(const char *username, const char *password, esp_http_auth char *ha1, *ha2 = NULL; char *digest = NULL; char *auth_str = NULL; + char *temp_auth_str = NULL; if (username == NULL || password == NULL || @@ -123,8 +124,13 @@ char *http_auth_digest(const char *username, const char *password, esp_http_auth } } asprintf(&auth_str, "Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", algorithm=\"MD5\", " - "response=\"%s\", opaque=\"%s\", qop=%s, nc=%08x, cnonce=\"%016llx\"", - username, auth_data->realm, auth_data->nonce, auth_data->uri, digest, auth_data->opaque, auth_data->qop, auth_data->nc, auth_data->cnonce); + "response=\"%s\", qop=%s, nc=%08x, cnonce=\"%016llx\"", + username, auth_data->realm, auth_data->nonce, auth_data->uri, digest, auth_data->qop, auth_data->nc, auth_data->cnonce); + if (auth_data->opaque) { + asprintf(&temp_auth_str, "%s, opaque=\"%s\"", auth_str, auth_data->opaque); + free(auth_str); + auth_str = temp_auth_str; + } _digest_exit: free(ha1); free(ha2);