[reSIProcate] qop Parameter Parsing
Matthias Moetje
moetje at terasens.com
Mon Jan 22 06:01:14 CST 2007
Hi,
I just came across a serious issue where clients are unable to authenticate if they send the qop Parameter in a Proxy-Authorization in quotes. E.g., it sends ......,qop="auth" instead of .....,qop=auth
The code in qopparameter.cxx will classify this as a qopOptions parameter, as you can see from the following code:
    if (*pb.position() == Symbols::DOUBLE_QUOTE[0])
    {
       pb.reset(anchor);
       return new QuotedDataParameter(ParameterTypes::qopOptions, pb, terminators);
    }
    else
    {
       pb.reset(anchor);
       return new DataParameter(ParameterTypes::qop, pb, terminators);
    }
As far as I can see from the RFC it doesn't say that the qop parameter in a proxy-authorization must not be quoted, so it seems that the assumption this code is making is incorrect. (Even if it was right, there are clients that send the qop param quoted...)
But how to fix it? What would be the correct criteria to determine which type of parameter it actually is? Why is there a qopOptions and a qop Parameter at all?
Best regards,
Matthias Moetje
TERASENS GmbH
Augustenstraße 24
80333 Munich
GERMANY
Phone: +49.89.143370-0
Fax: +49.89.143370-22
e-mail: info at terasens.com
Web: www.terasens.com
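
One possible criterion for the question raised in the post, as an added example that is not part of the original message or of reSIProcate's code: the digest grammar (RFC 2617, reused by RFC 3261) gives challenges a quoted list of offered values (qop-options) and credentials a single chosen value (message-qop), so the header being parsed can select the type while a quoted single value is still accepted in credentials. The names HeaderKind, QopResult and parseQop are hypothetical.

```cpp
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical names for illustration; not reSIProcate's classes.
// Challenge   = WWW-Authenticate / Proxy-Authenticate
// Credentials = Authorization / Proxy-Authorization
enum class HeaderKind { Challenge, Credentials };

struct QopResult {
    bool isOptions;                   // true: list of offered values
    std::vector<std::string> values;  // exactly one entry for credentials
};

// Parse the text that follows "qop=". The header kind, not a leading
// quote, selects the parameter type; balanced quotes are stripped.
QopResult parseQop(HeaderKind kind, std::string raw)
{
    const bool q0 = !raw.empty() && raw.front() == '"';
    const bool q1 = raw.size() > 1 && raw.back() == '"';
    if (q0 != q1) throw std::invalid_argument("unbalanced quote in qop");
    if (q0) raw = raw.substr(1, raw.size() - 2);

    QopResult r{kind == HeaderKind::Challenge, {}};
    for (std::string::size_type start = 0; start <= raw.size();) {
        std::string::size_type comma = raw.find(',', start);
        if (comma == std::string::npos) comma = raw.size();
        const std::string tok = raw.substr(start, comma - start);
        const auto b = tok.find_first_not_of(" \t");
        if (b != std::string::npos)
            r.values.push_back(tok.substr(b, tok.find_last_not_of(" \t") - b + 1));
        start = comma + 1;
    }
    if (r.values.empty()) throw std::invalid_argument("empty qop");
    // Credentials carry the single value the client chose, never a list.
    if (!r.isOptions && r.values.size() != 1)
        throw std::invalid_argument("qop list in credentials");
    return r;
}

int main()
{
    // Constructed inputs: the two forms from the post, both in credentials.
    const char* inputs[] = {"auth", "\"auth\""};
    for (const char* raw : inputs) {
        const QopResult r = parseQop(HeaderKind::Credentials, raw);
        std::cout << raw << " -> " << r.values[0]
                  << (r.isOptions ? " (qopOptions)" : " (qop)") << '\n';
    }
    return 0;
}
```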