Fix bugs in the digest handling.

[deb_shairplay.git] / src / lib / digest.c

diff --git a/src/lib/digest.c b/src/lib/digest.c
index 132f27e33b2f7c9aa0db3f7541f893b5d6b921fc..78c916ea51dd03e94575fb53db00abc7bc4e69ee 100644 (file)
--- a/src/lib/digest.c
+++ b/src/lib/digest.c
@@ -73,14 +73,14 @@ digest_generate_nonce(char *result, int resultlen)
        MD5_Final(md5buf, &md5ctx);
        digest_md5_to_hex(md5buf, md5hex);
 
+       memset(result, 0, resultlen);
        strncpy(result, md5hex, resultlen-1);
-       result[resultlen-1] = '\0';
 }
 
 int
 digest_is_valid(const char *our_realm, const char *password,
                 const char *our_nonce, const char *method,
-                const char *authorization)
+                const char *our_uri, const char *authorization)
 {
        char *auth;
        char *current;
@@ -140,6 +140,13 @@ digest_is_valid(const char *our_realm, const char *password,
                        response = first+10;
        }
 
+       if (!username || !realm || !nonce || !uri || !response) {
+               return 0;
+       }
+       if (strcmp(realm, our_realm) || strcmp(nonce, our_nonce) || strcmp(uri, our_uri)) {
+               return 0;
+       }
+
        /* Calculate our response */
        memset(our_response, 0, sizeof(our_response));
        digest_get_response(username, realm, password, nonce,