
Bug #2143 We found that Auth_SASL_DigestMD5::getResponse() generates an invalid response.
Submitted: 2004-08-16 22:15 UTC Modified: 2006-05-21 02:12 UTC
From: khagiya1 at yahoo dot co dot jp Assigned: amistry
Status: Closed Package: Auth_SASL
PHP Version: 4.3.7 OS: windows XP
Roadmaps: (Not assigned)    


 [2004-08-16 22:15 UTC] khagiya1 at yahoo dot co dot jp
Description:
------------
We found that Auth_SASL_DigestMD5::getResponse() generates an invalid response. According to RFC2831, the "maxbuf" value must be preceded by "maxbuf=". Similarly, the "nc" field's value must consist of LHEX (lower-case hexadecimal letters), which does not include surrounding double-quotes ("). The following are related excerpts from RFC2831.
------------------------------------------------------------------
Using Digest Authentication as a SASL Mechanism ( http://www.faqs.org/rfcs/rfc2831.html )

digest-challenge = 1#( realm | nonce | qop-options | stale | maxbuf | charset algorithm | cipher-opts | auth-param )

maxbuf = "maxbuf" "=" maxbuf-value
         ^^^^^^^^^^^^^^^^^^^^^^^^^ <-- this point is the problem!!
maxbuf-value = 1*DIGIT

digest-response = 1#( username | realm | nonce | cnonce | nonce-count | qop | digest-uri | response | maxbuf | charset | cipher | authzid | auth-param )

nonce-count = "nc" "=" nc-value
              ^^^^^^^^ <-- this point is the problem!!
nc-value = 8LHEX
LHEX = "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" | "8" | "9" | "a" | "b" | "c" | "d" | "e" | "f"
------------------------------------------------------------------
Patch is attached. Thanks.

Index: DigestMD5.php
===================================================================
RCS file: /home/cvsroot/Framework/pear/pear-20040624/Auth/SASL/DigestMD5.php,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 DigestMD5.php
*** DigestMD5.php 24 Jun 2004 01:24:59 -0000 1.1.1.1
--- DigestMD5.php 17 Aug 2004 02:25:55 -0000
***************
*** 74,80 ****
$digest_uri = sprintf('%s/%s', $service, $hostname);
$response_value = $this->_getResponseValue($authcid, $pass, $challenge['realm'], $challenge['nonce'], $cnonce, $digest_uri, $authzid);
! return sprintf('username="%s",realm="%s"' . $authzid_string . 
',nonce="%s",cnonce="%s",nc="00000001",qop=auth,digest-uri="%s",response=%s,%d', $authcid, $challenge['realm'], $challenge['nonce'], $cnonce, $digest_uri, $response_value, $challenge['maxbuf']);
} else {
return PEAR::raiseError('Invalid digest challenge');
}
--- 74,80 ----
$digest_uri = sprintf('%s/%s', $service, $hostname);
$response_value = $this->_getResponseValue($authcid, $pass, $challenge['realm'], $challenge['nonce'], $cnonce, $digest_uri, $authzid);
! return sprintf('username="%s",realm="%s"' . $authzid_string . ',nonce="%s",cnonce="%s",nc=00000001,qop=auth,digest-uri="%s",response=%s,maxbuf=%d', $authcid, $challenge['realm'], $challenge['nonce'], $cnonce, $digest_uri, $response_value, $challenge['maxbuf']);
} else {
return PEAR::raiseError('Invalid digest challenge');
}
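Review bot: the `maxbuf=%d` at the end of the new `!` line still formats `$challenge['maxbuf']` unconditionally, so a challenge that omits the optional maxbuf directive produces `maxbuf=0` (and an undefined-index notice) rather than leaving the directive out or using the RFC 2831 default of 65536; consider appending `maxbuf=` only when `isset($challenge['maxbuf'])`. The two syntax corrections themselves (unquoted `nc=00000001`, `maxbuf=` prefix) match the ABNF quoted above.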

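As an added example (not code from the Auth_SASL package or from the reporter's patch), the following Python reproduces the RFC 2831 client-side response-value computation, builds a digest-response string in both the pre-patch and the patched shape, and checks the result against the ABNF rules the report quotes (nc-value = 8LHEX without quotes, maxbuf-value = 1*DIGIT). The known-answer values are taken from the worked example in RFC 2831 section 4 (user "chris", password "secret"), not from this bug page; every function name is the example's own.

```python
import hashlib
import re

# Added example, not code from the Auth_SASL package: it reproduces the
# RFC 2831 client computation and checks the two directive formats the
# report is about. All function names are this example's own.

NC_VALUE = re.compile(r"^[0-9a-f]{8}$")          # nonce-count: nc-value = 8LHEX, no quotes
RESPONSE_VALUE = re.compile(r"^[0-9a-f]{32}$")   # response-value = 32LHEX


def response_value(username, realm, password, nonce, cnonce, nc, qop, digest_uri, authzid=None):
    """Client response-value per RFC 2831 section 2.1.2.1 (algorithm md5-sess)."""
    h = lambda data: hashlib.md5(data).digest()        # raw 16-byte digest
    hexh = lambda data: hashlib.md5(data).hexdigest()  # lower-case hex digest
    # A1 begins with the *binary* MD5 of "username:realm:password", not its hex form.
    a1 = h(f"{username}:{realm}:{password}".encode("utf-8"))
    a1 += f":{nonce}:{cnonce}".encode("utf-8")
    if authzid:
        a1 += f":{authzid}".encode("utf-8")
    a2 = f"AUTHENTICATE:{digest_uri}".encode("utf-8")
    if qop in ("auth-int", "auth-conf"):             # integrity/confidentiality variants
        a2 += b":00000000000000000000000000000000"
    kd = f"{hexh(a1)}:{nonce}:{nc}:{cnonce}:{qop}:{hexh(a2)}"
    return hexh(kd.encode("utf-8"))


def format_digest_response(username, realm, nonce, cnonce, digest_uri, resp, maxbuf, compliant=True):
    """Builds the digest-response string the way the patched (compliant=True)
    or the original (compliant=False) sprintf() in the report does."""
    head = f'username="{username}",realm="{realm}",nonce="{nonce}",cnonce="{cnonce}"'
    if compliant:
        return head + f',nc=00000001,qop=auth,digest-uri="{digest_uri}",response={resp},maxbuf={maxbuf}'
    # Pre-patch shape: nc wrapped in quotes and maxbuf sent as a bare number.
    return head + f',nc="00000001",qop=auth,digest-uri="{digest_uri}",response={resp},{maxbuf}'


def split_directives(text):
    """Splits on commas that are not inside a quoted-string value."""
    parts, buf, quoted = [], [], False
    for ch in text:
        if ch == '"':
            quoted = not quoted
        if ch == "," and not quoted:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return parts


def check_digest_response(text):
    """Returns a list of ABNF violations for the directives the report covers
    (an empty list means the string is well-formed)."""
    problems, seen = [], {}
    for part in split_directives(text):
        if "=" not in part:
            problems.append(f"bare value with no directive name: {part!r}")
            continue
        name, _, value = part.partition("=")
        seen[name] = value
    nc = seen.get("nc")
    if nc is None:
        problems.append("nonce-count (nc) directive missing")
    elif not NC_VALUE.match(nc):
        problems.append(f"nc must be exactly 8 unquoted LHEX digits, got {nc!r}")
    if "maxbuf" in seen and not seen["maxbuf"].isdigit():
        problems.append(f"maxbuf-value must be 1*DIGIT, got {seen['maxbuf']!r}")
    resp = seen.get("response")
    if resp is None or not RESPONSE_VALUE.match(resp):
        problems.append(f"response must be 32 unquoted LHEX digits, got {resp!r}")
    return problems


if __name__ == "__main__":
    # Values from the worked example in RFC 2831 section 4 (password "secret").
    resp = response_value("chris", "elwood.innosoft.com", "secret", "OA6MG9tEQGm2hh",
                          "OA6MHXh6VqTrRk", "00000001", "auth", "imap/elwood.innosoft.com")
    for compliant in (False, True):
        s = format_digest_response("chris", "elwood.innosoft.com", "OA6MG9tEQGm2hh",
                                   "OA6MHXh6VqTrRk", "imap/elwood.innosoft.com", resp, 65536, compliant)
        print(s)
        print("  problems:", check_digest_response(s) or "none")
```

Running it prints the pre-patch string with two findings (quoted nc, bare trailing number) and the patched string with none; `check_digest_response()` is the kind of assertion worth keeping in a unit test so that a later change to the sprintf() format cannot silently reintroduce the malformed directives.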
Comments

 [2004-08-16 22:23 UTC] khagiya1 at yahoo dot co dot jp
Summary change.
 [2006-03-22 00:20 UTC] amistry at php dot net (Anish Mistry)
damian is inactive. I've committed the patch to the CVS. Please verify that it is correct. Thank you.
 [2006-05-21 02:12 UTC] amistry at php dot net (Anish Mistry)
Thank you for your bug report. This issue has been fixed in the latest released version of the package, which you can download at http://pear.php.net/get/Auth_SASL