From 268f72c87ed44283cc7d35e16198fed76353a098 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Juho=20V=C3=A4h=C3=A4-Herttua?= <juhovh@iki.fi>
Date: Tue, 20 Mar 2012 22:00:14 +0200
Subject: [PATCH] Fix bugs in the digest handling.

---
 src/lib/digest.c | 11 +++++++++--
 src/lib/digest.h |  2 +-
 src/lib/raop.c   |  5 +++--
 3 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/src/lib/digest.c b/src/lib/digest.c
index 132f27e..78c916e 100644
--- a/src/lib/digest.c
+++ b/src/lib/digest.c
@@ -73,14 +73,14 @@ digest_generate_nonce(char *result, int resultlen)
 	MD5_Final(md5buf, &md5ctx);
 	digest_md5_to_hex(md5buf, md5hex);
 
+	memset(result, 0, resultlen);
 	strncpy(result, md5hex, resultlen-1);
-	result[resultlen-1] = '\0';
 }
 
 int
 digest_is_valid(const char *our_realm, const char *password,
                 const char *our_nonce, const char *method,
-                const char *authorization)
+                const char *our_uri, const char *authorization)
 {
 	char *auth;
 	char *current;
@@ -140,6 +140,13 @@ digest_is_valid(const char *our_realm, const char *password,
 			response = first+10;
 	}
 
+	if (!username || !realm || !nonce || !uri || !response) {
+		return 0;
+	}
+	if (strcmp(realm, our_realm) || strcmp(nonce, our_nonce) || strcmp(uri, our_uri)) {
+		return 0;
+	}
+
 	/* Calculate our response */
 	memset(our_response, 0, sizeof(our_response));
 	digest_get_response(username, realm, password, nonce,
diff --git a/src/lib/digest.h b/src/lib/digest.h
index f4b46e7..aa52afb 100644
--- a/src/lib/digest.h
+++ b/src/lib/digest.h
@@ -4,6 +4,6 @@
 void digest_generate_nonce(char *result, int resultlen);
 int digest_is_valid(const char *our_realm, const char *password,
                     const char *our_nonce, const char *method,
-                    const char *authorization);
+                    const char *our_uri, const char *authorization);
 
 #endif
diff --git a/src/lib/raop.c b/src/lib/raop.c
index 9aafe65..1994ed3 100644
--- a/src/lib/raop.c
+++ b/src/lib/raop.c
@@ -36,7 +36,7 @@
 #define MAX_PASSWORD_LEN 64
 
 /* MD5 as hex fits here */
-#define MAX_NONCE_LEN 33
+#define MAX_NONCE_LEN 32
 
 struct raop_s {
 	/* Callbacks for audio */
@@ -143,9 +143,10 @@ conn_request(void *ptr, http_request_t *request, http_response_t **response)
 
 		authorization = http_request_get_header(request, "Authorization");
 		if (authorization) {
+			logger_log(&conn->raop->logger, LOGGER_DEBUG, "Our nonce: %s\n", conn->nonce);
 			logger_log(&conn->raop->logger, LOGGER_DEBUG, "Authorization: %s\n", authorization);
 		}
-		if (!digest_is_valid("AppleTV", raop->password, conn->nonce, method, authorization)) {
+		if (!digest_is_valid("AppleTV", raop->password, conn->nonce, method, http_request_get_url(request), authorization)) {
 			char *authstr;
 			int authstrlen;
 
-- 
2.34.1