X-Git-Url: https://git.piment-noir.org/?a=blobdiff_plain;f=src%2Flib%2Fdigest.c;h=58c857835d96ae36570cb5cba90a81153599f629;hb=51114600970199152e737dce64f0aa2d9e266c2c;hp=132f27e33b2f7c9aa0db3f7541f893b5d6b921fc;hpb=e4169f77f892fefc66a97439d295d3e09ef3e2f0;p=deb_shairplay.git
diff --git a/src/lib/digest.c b/src/lib/digest.c
index 132f27e..58c8578 100644
--- a/src/lib/digest.c
+++ b/src/lib/digest.c
@@ -73,14 +73,14 @@ digest_generate_nonce(char *result, int resultlen)
 MD5_Final(md5buf, &md5ctx);
 digest_md5_to_hex(md5buf, md5hex);
+ memset(result, 0, resultlen);
 strncpy(result, md5hex, resultlen-1);
- result[resultlen-1] = '\0';
 }
 int
 digest_is_valid(const char *our_realm, const char *password,
 const char *our_nonce, const char *method,
- const char *authorization)
+ const char *our_uri, const char *authorization)
 {
 char *auth;
 char *current;
@@ -128,16 +128,26 @@ digest_is_valid(const char *our_realm, const char *password,
 else *last = '\0';
 /* Store value if it is relevant */
- if (!strncmp("username=\"", first, 10))
+ if (!strncmp("username=\"", first, 10)) {
 username = first+10;
- if (!strncmp("realm=\"", first, 7))
+ } else if (!strncmp("realm=\"", first, 7)) {
 realm = first+7;
- if (!strncmp("nonce=\"", first, 7))
+ } else if (!strncmp("nonce=\"", first, 7)) {
 nonce = first+7;
- if (!strncmp("uri=\"", first, 5))
+ } else if (!strncmp("uri=\"", first, 5)) {
 uri = first+5;
- if (!strncmp("response=\"", first, 10))
+ } else if (!strncmp("response=\"", first, 10)) {
 response = first+10;
+ }
+ }
+
+ if (!username || !realm || !nonce || !uri || !response) {
+ free(auth);
+ return 0;
+ }
+ if (strcmp(realm, our_realm) || strcmp(nonce, our_nonce) || strcmp(uri, our_uri)) {
+ free(auth);
+ return 0;
 }
 /* Calculate our response */
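Review bot: In the first hunk (digest_generate_nonce), `resultlen` is a signed `int` that reaches `memset(result, 0, resultlen)` and `strncpy(result, md5hex, resultlen-1)` without a range check. A zero length turns `resultlen-1` into a huge `size_t` count, and a negative length does the same in both calls, so the write runs past the caller's buffer. The top of the function is outside this hunk, so unless a check already exists there, add `if (!result || resultlen <= 0) return;` before the `memset`. A buffer shorter than 33 bytes also truncates the hex nonce silently, which deserves a line in the function's comment so that callers size it for the full MD5 hex string.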
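Review bot: In the second hunk (digest_is_valid), the new `strcmp(realm, our_realm) || strcmp(nonce, our_nonce) || strcmp(uri, our_uri)` dereferences the three server-side arguments, while the guard before it NULL-checks only the fields parsed from the header. `our_uri` is a new parameter, so a caller with no request URI to hand could pass NULL and crash the authentication path. The start of the function lies outside the hunk, so unless it already validates these arguments, widen the guard to `if (!our_realm || !our_nonce || !our_uri || !username || !realm || !nonce || !uri || !response) {`. A short comment above the comparison would also help, noting that the response is only computed once the client's realm, nonce and uri equal the server's own values, because this ordering is what prevents a response computed for another challenge or URI from being accepted.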