qop is required nc and nonce (fixes #477)

git-svn-id: svn+ssh://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@971 152afb58-edef-0310-8abb-c4023f1b3aa9
author: Jan Kneschke <jan@kneschke.de> 2006-02-01 11:32:33 +0000
committer: Jan Kneschke <jan@kneschke.de> 2006-02-01 11:32:33 +0000
commit: 7243d985effcc89c789ebe12076b7bc2be9018d7 (patch)
tree: e38ac9953ef1f2bf14a66bc2ad2b6e1a623f7bdb /src
parent: 83ebc1839ec59fe13ff5934040d3f0564045c125 (diff)
download: lighttpd-git-7243d985effcc89c789ebe12076b7bc2be9018d7.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/src/http_auth.c b/src/http_auth.c
index 9976c155..d4de2129 100644
--- a/src/http_auth.c
+++ b/src/http_auth.c
@@ -806,6 +806,10 @@ int http_auth_digest_check(server *srv, connection *con, mod_auth_plugin_data *p
 	
 	/* parse credentials from client */
 	for (c = b->ptr; *c; c++) {
+		/* skip whitespaces */
+		while (*c == ' ' || *c == '\t') c++;
+		if (!c) break;
+
 		for (i = 0; dkv[i].key; i++) {
 			if ((0 == strncmp(c, dkv[i].key, dkv[i].key_len))) {
 				if ((c[dkv[i].key_len] == '"') && 
@@ -847,7 +851,7 @@ int http_auth_digest_check(server *srv, connection *con, mod_auth_plugin_data *p
 	    !realm ||
 	    !nonce ||
 	    !uri ||
-	    (qop && !nc && !cnonce) ||
+	    (qop && (!nc || !cnonce)) ||
 	    !respons ) {
 		/* missing field */
author	Jan Kneschke <jan@kneschke.de>	2006-02-01 11:32:33 +0000
committer	Jan Kneschke <jan@kneschke.de>	2006-02-01 11:32:33 +0000
commit	7243d985effcc89c789ebe12076b7bc2be9018d7 (patch)
tree	e38ac9953ef1f2bf14a66bc2ad2b6e1a623f7bdb /src
parent	83ebc1839ec59fe13ff5934040d3f0564045c125 (diff)
download	lighttpd-git-7243d985effcc89c789ebe12076b7bc2be9018d7.tar.gz