[sr-dev] git:3.1: modules/auth: fixed checking and calculating of nonce count (nc) value

Fri Mar 18 14:07:17 CET 2011

Module: sip-router
Branch: 3.1
Commit: 63e528a36299eca625e204a1834ab8502aa1cf27
URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=63e528a36299eca625e204a1834ab8502aa1cf27

Author: Juha Heinanen <jh at tutpro.com>
Committer: Juha Heinanen <jh at tutpro.com>
Date:   Fri Mar 18 15:06:16 2011 +0200

modules/auth: fixed checking and calculating of nonce count (nc) value

---

 modules/auth/nonce.c |   29 +++++++++++++++++++++++------
 1 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/modules/auth/nonce.c b/modules/auth/nonce.c
index 369a41d..e20c2f2 100644
--- a/modules/auth/nonce.c
+++ b/modules/auth/nonce.c
@@ -276,7 +276,24 @@ int calc_nonce(char* nonce, int *nonce_len, int cfg, int since, int expires,
  */
 #define is_bin_nonce_stale(b_nonce, t) (get_bin_nonce_expire(b_nonce) < (t))
 
+static inline int l8hex2int(char* _s, unsigned int *_r)
+{
+    unsigned int i, res = 0;
 
+    for(i = 0; i < 8; i++) {
+	res *= 16;
+	if ((_s[i] >= '0') && (_s[i] <= '9')) {
+	    res += _s[i] - '0';
+	} else if ((_s[i] >= 'a') && (_s[i] <= 'f')) {
+	    res += _s[i] - 'a' + 10;
+	} else if ((_s[i] >= 'A') && (_s[i] <= 'F')) {
+	    res += _s[i] - 'A' + 10;
+	} else return -1;
+    }
+    
+    *_r = res;
+    return 0;
+}
 
 
 /** Check whether the nonce returned by UA is valid.
@@ -404,12 +421,12 @@ int check_nonce(auth_body_t* auth, str* secret1, str* secret2,
 		/* if nounce-count checks enabled & auth. headers has nc */
 		if (nc_enabled && (pf & NF_VALID_NC_ID) && auth->digest.nc.s &&
 				auth->digest.nc.len){
-			if (str2int(&auth->digest.nc, &nc)!=0){
-				/* error, bad nc */
-				ERR("FIXME:check_nonce: bad nc value %.*s\n",
-						auth->digest.nc.len, auth->digest.nc.s);
-				return 5; /* invalid nc */
-			}
+		        if ((auth->digest.nc.len != 8) ||
+			    l8hex2int(auth->digest.nc.s, &nc) != 0) {
+			    ERR("check_nonce: bad nc value %.*s\n",
+			        auth->digest.nc.len, auth->digest.nc.s);
+			    return 5; /* invalid nc */
+		        }
 			switch(nc_check_val(n_id, pf & NF_POOL_NO_MASK, nc)){
 				case NC_OK:
 					/* don't perform extra checks or one-time nonce checks


