From 477f6149478083cb37bf6a4ce8ac0d14f518b4de Mon Sep 17 00:00:00 2001
From: "Evgeny Grin (Karlson2k)"
Date: Sun, 14 Aug 2022 18:11:16 +0300
Subject: digestauth: do not use "algorithm" in response header in RFC2069 mode
---
 src/microhttpd/digestauth.c | 52 ++++++++++++++++++++++++++-------------------
 1 file changed, 30 insertions(+), 22 deletions(-)
(limited to 'src/microhttpd/digestauth.c')
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index 3efc0288..2ff3cd7f 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -2966,13 +2966,17 @@ MHD_queue_auth_required_response3 (struct MHD_Connection *connection,
 buf_size += MHD_STATICSTR_LEN_ (MHD_TOKEN_AUTH_);
 }
 /* 'algorithm="xxxx", ' */
- buf_size += MHD_STATICSTR_LEN_ (prefix_algo) + 2; /* 2 for ', ' */
- if (MHD_DIGEST_AUTH_ALGO3_MD5 == s_algo)
- buf_size += MHD_STATICSTR_LEN_ (_MHD_MD5_TOKEN);
- else if (MHD_DIGEST_AUTH_ALGO3_SHA256 == s_algo)
- buf_size += MHD_STATICSTR_LEN_ (_MHD_SHA256_TOKEN);
- else
- mhd_assert (0);
+ if (((MHD_DIGEST_AUTH_MULT_QOP_NONE) != mqop) ||
+ (0 == (((unsigned int) s_algo) & MHD_DIGEST_BASE_ALGO_MD5)))
+ {
+ buf_size += MHD_STATICSTR_LEN_ (prefix_algo) + 2; /* 2 for ', ' */
+ if (MHD_DIGEST_AUTH_ALGO3_MD5 == s_algo)
+ buf_size += MHD_STATICSTR_LEN_ (_MHD_MD5_TOKEN);
+ else if (MHD_DIGEST_AUTH_ALGO3_SHA256 == s_algo)
+ buf_size += MHD_STATICSTR_LEN_ (_MHD_SHA256_TOKEN);
+ else
+ mhd_assert (0);
+ }
 /* 'nonce="xxxx", ' */
 buf_size += MHD_STATICSTR_LEN_ (prefix_nonce) + 3; /* 3 for '", ' */
 buf_size += NONCE_STD_LEN (digest_get_size (&da)); /* Escaping not needed */
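Review bot: The condition that decides whether the algorithm parameter is sent is written out twice, here in the buf_size computation and again in the second hunk where the bytes are copied into buf, and nothing ties the two copies together. If a later edit changes one and not the other, the write pass can copy more than the size pass reserved, assuming buf is allocated from buf_size, which these hunks do not show. Evaluating it once near the top of MHD_queue_auth_required_response3, e.g. `const bool add_algo = (MHD_DIGEST_AUTH_MULT_QOP_NONE != mqop) || (0 == (((unsigned int) s_algo) & MHD_DIGEST_BASE_ALGO_MD5));`, and testing `if (add_algo)` in both places keeps the two passes in step (use the file's usual flag type if it is not `bool`). A one-line comment at that declaration saying why the parameter is left out for MD5 without qop would also help the next reader. The function starts and ends outside both hunks.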
@@ -3048,23 +3052,27 @@ MHD_queue_auth_required_response3 (struct MHD_Connection *connection,
 buf[p++] = ' ';
 }
 /* 'algorithm="xxxx", ' */
- memcpy (buf + p, prefix_algo,
- MHD_STATICSTR_LEN_ (prefix_algo));
- p += MHD_STATICSTR_LEN_ (prefix_algo);
- if (MHD_DIGEST_AUTH_ALGO3_MD5 == s_algo)
+ if (((MHD_DIGEST_AUTH_MULT_QOP_NONE) != mqop) ||
+ (0 == (((unsigned int) s_algo) & MHD_DIGEST_BASE_ALGO_MD5)))
 {
- memcpy (buf + p, _MHD_MD5_TOKEN,
- MHD_STATICSTR_LEN_ (_MHD_MD5_TOKEN));
- p += MHD_STATICSTR_LEN_ (_MHD_MD5_TOKEN);
- }
- else if (MHD_DIGEST_AUTH_ALGO3_SHA256 == s_algo)
- {
- memcpy (buf + p, _MHD_SHA256_TOKEN,
- MHD_STATICSTR_LEN_ (_MHD_SHA256_TOKEN));
- p += MHD_STATICSTR_LEN_ (_MHD_SHA256_TOKEN);
+ memcpy (buf + p, prefix_algo,
+ MHD_STATICSTR_LEN_ (prefix_algo));
+ p += MHD_STATICSTR_LEN_ (prefix_algo);
+ if (MHD_DIGEST_AUTH_ALGO3_MD5 == s_algo)
+ {
+ memcpy (buf + p, _MHD_MD5_TOKEN,
+ MHD_STATICSTR_LEN_ (_MHD_MD5_TOKEN));
+ p += MHD_STATICSTR_LEN_ (_MHD_MD5_TOKEN);
+ }
+ else if (MHD_DIGEST_AUTH_ALGO3_SHA256 == s_algo)
+ {
+ memcpy (buf + p, _MHD_SHA256_TOKEN,
+ MHD_STATICSTR_LEN_ (_MHD_SHA256_TOKEN));
+ p += MHD_STATICSTR_LEN_ (_MHD_SHA256_TOKEN);
+ }
+ buf[p++] = ',';
+ buf[p++] = ' ';
 }
- buf[p++] = ',';
- buf[p++] = ' ';
 /* 'nonce="xxxx", ' */
 memcpy (buf + p, prefix_nonce,
 MHD_STATICSTR_LEN_ (prefix_nonce));
-- cgit v1.2.3
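Review bot: The write pass has no `else` after the SHA-256 branch, while the size pass in the first hunk ends the same chain with `else mhd_assert (0);`. If s_algo ever satisfies the outer condition but equals neither MHD_DIGEST_AUTH_ALGO3_MD5 nor MHD_DIGEST_AUTH_ALGO3_SHA256 (how s_algo is validated earlier is not visible here), the header would carry the algorithm prefix followed directly by `, ` with no token. Adding `else mhd_assert (0);` after the SHA-256 block makes both passes reject that state in the same way. The enclosing function begins and ends outside the hunk.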