[Devel] UAC module and parse error
Klaus Darilion
klaus.mailinglists at pernau.at
Wed Dec 6 11:55:18 CET 2006
stale and algorithm must not be quoted.
The others must be quoted strings:
details are in RFC 3261, e.g.:
Proxy-Authenticate = "Proxy-Authenticate" HCOLON challenge
challenge = ("Digest" LWS digest-cln *(COMMA digest-cln))
/ other-challenge
other-challenge = auth-scheme LWS auth-param
*(COMMA auth-param)
digest-cln = realm / domain / nonce
/ opaque / stale / algorithm
/ qop-options / auth-param
realm = "realm" EQUAL realm-value
realm-value = quoted-string
domain = "domain" EQUAL LDQUOT URI
*( 1*SP URI ) RDQUOT
URI = absoluteURI / abs-path
nonce = "nonce" EQUAL nonce-value
nonce-value = quoted-string
opaque = "opaque" EQUAL quoted-string
stale = "stale" EQUAL ( "true" / "false" )
algorithm = "algorithm" EQUAL ( "MD5" / "MD5-sess"
/ token )
qop-options = "qop" EQUAL LDQUOT qop-value
*("," qop-value) RDQUOT
qop-value = "auth" / "auth-int" / token
regards
klaus
Christophe Irles wrote:
> Hi,
>
> I found a parse error bug in the UAC module. It's slightly the same bug as
> describe in the 1448453 bug but it concerns the parse of the field "stale"
> this time.
>
> Here is the log of openser:
> 4(19621) DEBUG:uac:uac_auth: picked reply is 0x816cfe8, code 407
> 4(19621) DEBUG:uac:get_autenticate_hdr: looking for header
> "Proxy-Authenticate"
> 4(19621) parse_headers: flags=ffffffffffffffff
> 4(19621) DEBUG: get_hdr_body : content_length=0
> 4(19621) found end of header
> 4(19621) DEBUG:uac:uac_auth: header found; body=<Digest
> realm="freephonie.net",nonce="028183054212a08209186424557a08f7",opaque="027f
> b3fb0f14a5b",stale=false,algorithm=MD5>
> 4(19621) DEBUG:uac:parse_authenticate_body: <realm>="freephonie.net"
> state=2
> 4(19621) DEBUG:uac:parse_authenticate_body:
> <nonce>="028183054212a08209186424557a08f7" state=3
> 4(19621) DEBUG:uac:parse_authenticate_body: <opaque>="027fb3fb0f14a5b"
> state=6
> 4(19621) ERROR:uac:parse_authenticate_body: parse error in <Digest
> realm="freephonie.net",nonce="028183054212a08209186424557a08f7",opaque="027f
> b3fb0f14a5b",stale=false,algorithm=MD5> around 102
> 4(19621) ERROR:uac:uac_auth: failed to parse auth hdr body
> 4(19621) CONNTRACK: ct_destroy_connection():
> callId=MTUzMzAxOGNmYmZjM2ZmZWYyMzY3NjMyNDk0ZDVlYTY.
> 4(19621) DEBUG:tm:relay_reply: branch=0, save=0, relay=0
>
>
> The bug is in the file "auth_hdr.c". Some fields (realm, nonce, stale,
> domain, opaque) are specifically designed to have values between double
> quote. I change it to accept values with or without double quote. In fact I
> made few changes since the code is already ready to manage that, it just
> force the use of double quote. Perhaps some of this fields in RFC must have
> double quoted value ?
>
> Here is mypatch file to resolve my problem:
> --- ./modules/uac/auth_hdr.c
> +++ ./patch/modules/uac/auth_hdr.c
> @@ -133,11 +133,11 @@
> n = LOWER4B( GET4B(p) );
> switch(n)
> {
> - CASE_5B( 0x7265616c, 'm', REALM_STATE, 1);
> /*realm*/
> - CASE_5B( 0x6e6f6e63, 'e', NONCE_STATE, 1);
> /*nonce*/
> - CASE_5B( 0x7374616c, 'e', STALE_STATE, 1);
> /*stale*/
> - CASE_6B( 0x646f6d62, 'i', 'n', DOMAIN_STATE,
> 1); /*domain*/
> - CASE_6B( 0x6f706171, 'u', 'e', OPAQUE_STATE,
> 1); /*opaque*/
> + CASE_5B( 0x7265616c, 'm', REALM_STATE, 0);
> /*realm*/
> + CASE_5B( 0x6e6f6e63, 'e', NONCE_STATE, 0);
> /*nonce*/
> + CASE_5B( 0x7374616c, 'e', STALE_STATE, 0);
> /*stale*/
> + CASE_6B( 0x646f6d62, 'i', 'n', DOMAIN_STATE,
> 0); /*domain*/
> + CASE_6B( 0x6f706171, 'u', 'e', OPAQUE_STATE,
> 0); /*opaque*/
> case 0x616c676f: /*algo*/
> if (p+9<end &&
> LOWER4B(GET4B(p+4))==0x72697468
> && LOWER1B(*(p+8))=='m' )
>
> Regards,
> Christophe
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Devel mailing list
> Devel at openser.org
> http://openser.org/cgi-bin/mailman/listinfo/devel
--
Klaus Darilion
nic.at
More information about the Devel
mailing list