fix(esp_http_client): Fix http digest auth without qop

Closes https://github.com/espressif/esp-idf/issues/12962
This commit is contained in:
Harshit Malpani 2024-01-15 12:08:04 +05:30
parent 7bb236254e
commit bc901c0a3a
No known key found for this signature in database
GPG Key ID: 441A8ACC7853D493
2 changed files with 21 additions and 3 deletions

View File

@ -619,7 +619,6 @@ static esp_err_t esp_http_client_prepare(esp_http_client_handle_t client)
} }
client->auth_data->cnonce = ((uint64_t)esp_random() << 32) + esp_random(); client->auth_data->cnonce = ((uint64_t)esp_random() << 32) + esp_random();
auth_response = http_auth_digest(client->connection_info.username, client->connection_info.password, client->auth_data); auth_response = http_auth_digest(client->connection_info.username, client->connection_info.password, client->auth_data);
client->auth_data->nc ++;
#endif #endif
} }

View File

@ -172,19 +172,38 @@ char *http_auth_digest(const char *username, const char *password, esp_http_auth
goto _digest_exit; goto _digest_exit;
} }
} else { } else {
/* Although as per RFC-2617, "qop" directive is optional in order to maintain backward compatibality, it is recommended
to use it if the server indicated that qop is supported. This enhancement was introduced to protect against attacks
like chosen-plaintext attack. */
ESP_LOGW(TAG, "\"qop\" directive not found. This may lead to attacks like chosen-plaintext attack");
// response=digest_func(HA1:nonce:HA2) // response=digest_func(HA1:nonce:HA2)
if (digest_func(digest, "%s:%s:%s", ha1, auth_data->nonce, ha2) <= 0) { if (digest_func(digest, "%s:%s:%s", ha1, auth_data->nonce, ha2) <= 0) {
goto _digest_exit; goto _digest_exit;
} }
} }
int rc = asprintf(&auth_str, "Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", algorithm=%s, " int rc = asprintf(&auth_str, "Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", algorithm=%s, "
"response=\"%s\", qop=%s, nc=%08x, cnonce=\"%016"PRIx64"\"", "response=\"%s\"", username, auth_data->realm, auth_data->nonce, auth_data->uri, auth_data->algorithm, digest);
username, auth_data->realm, auth_data->nonce, auth_data->uri, auth_data->algorithm, digest, auth_data->qop, auth_data->nc, auth_data->cnonce);
if (rc < 0) { if (rc < 0) {
ESP_LOGE(TAG, "asprintf() returned: %d", rc); ESP_LOGE(TAG, "asprintf() returned: %d", rc);
ret = ESP_FAIL; ret = ESP_FAIL;
goto _digest_exit; goto _digest_exit;
} }
if (auth_data->qop) {
rc = asprintf(&temp_auth_str, ", qop=%s, nc=%08x, cnonce=\"%016"PRIx64"\"", auth_data->qop, auth_data->nc, auth_data->cnonce);
if (rc < 0) {
ESP_LOGE(TAG, "asprintf() returned: %d", rc);
ret = ESP_FAIL;
goto _digest_exit;
}
auth_str = http_utils_append_string(&auth_str, temp_auth_str, strlen(temp_auth_str));
if (!auth_str) {
ret = ESP_FAIL;
goto _digest_exit;
}
free(temp_auth_str);
auth_data->nc ++;
}
if (auth_data->opaque) { if (auth_data->opaque) {
rc = asprintf(&temp_auth_str, "%s, opaque=\"%s\"", auth_str, auth_data->opaque); rc = asprintf(&temp_auth_str, "%s, opaque=\"%s\"", auth_str, auth_data->opaque);
// Free the previous memory allocated for `auth_str` // Free the previous memory allocated for `auth_str`