#include <freeradius-devel/radiusd.h>
#include <freeradius-devel/modules.h>
#include <freeradius-devel/conffile.h>
-#include <freeradius-devel/rad_assert.h>
static const char rcsid[] = "$Id$";
static int digest_authenticate(void *instance, REQUEST *request)
{
int i;
- int a1_len, a2_len, kd_len;
+ size_t a1_len, a2_len, kd_len;
uint8_t a1[(MAX_STRING_LEN + 1) * 5]; /* can be 5 attributes */
uint8_t a2[(MAX_STRING_LEN + 1) * 3]; /* can be 3 attributes */
uint8_t kd[(MAX_STRING_LEN + 1) * 5];
return RLM_MODULE_INVALID;
}
- rad_assert(body->length == 32); /* FIXME: check in 'auth' */
- lrad_hex2bin(&body->vp_octets[0], &a2[a2_len], body->length >> 1);
- a2_len += (body->length >> 1);
+ if ((a2_len + body->length) > sizeof(a2)) {
+ DEBUG("ERROR: Digest-Body-Digest is too long");
+ return RLM_MODULE_INVALID;
+ }
+
+ memcpy(a2 + a2_len, body->vp_octets, body->length);
+ a2_len += body->length;
} else if ((qop != NULL) &&
(strcasecmp(qop->vp_strvalue, "auth") != 0)) {
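Review bot: The new guard `(a2_len + body->length) > sizeof(a2)` bounds the memcpy but still lets the copy fill a2 completely, and it no longer enforces the 32-character length that the removed rad_assert expected. If code outside this hunk NUL-terminates or prints a2 at `a2_len` (not visible here), an exact fit would write one byte past the buffer, so `>=` is the safer comparison. Digest-Body-Digest comes from the request, so an explicit `if (body->length != 32)` rejection before the copy would keep the old expectation as a runtime check rather than an assert. The enclosing if/else chain starts and ends outside the hunk.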
* Get the binary value of Digest-Response
*/
vp = pairfind(request->packet->vps, PW_DIGEST_RESPONSE);
- rad_assert(vp != NULL);
+ if (!vp) {
+ DEBUG("ERROR: No Digest-Response attribute in the request. Cannot perform digest authentication");
+ return RLM_MODULE_INVALID;
+ }
lrad_hex2bin(&vp->vp_octets[0], &hash[0], vp->length >> 1);
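Review bot: The context line `lrad_hex2bin(&vp->vp_octets[0], &hash[0], vp->length >> 1);` still derives the output size from the request-supplied attribute length, which the added NULL check does not constrain. The declaration of `hash` is outside the hunk; if it is a fixed MD5-sized buffer, a Digest-Response longer than 32 characters would write past it. A guard before the conversion, such as `if (vp->length != 32) { DEBUG("ERROR: Digest-Response has invalid length"); return RLM_MODULE_INVALID; }`, would reject such input. digest_authenticate continues outside the hunk.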
--- /dev/null
+#
+# http://ftp6.us.freebsd.org/pub/rfc/internet-drafts/draft-smith-sipping-auth-examples-01.txt
+#
+# 3.5.2
+#
+#
+# In the "users" file: bob User-Password := "zanzibar"
+#
+User-Name = "bob",
+Digest-Response = "bdbeebb2da6adb6bca02599c2239e192"
+Digest-Realm = "biloxi.com",
+Digest-Nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093",
+Digest-Method = "INVITE",
+Digest-URI = "sip:bob@biloxi.com",
+Digest-Algorithm = "MD5",
+Digest-User-Name = "bob",
+Digest-QOP = "auth-int",
+Digest-Nonce-Count = "00000001",
+Digest-CNonce = "0a4f113b",
+Digest-Body-Digest = "c1ed018b8ec4a3b170c0921f5b564e48",
+Message-Authenticator = ""
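Review bot: The `Digest-Response` line lacks a trailing comma, while every other attribute line except the final one ends with `,`. If the attribute-list parser that reads this file treats a missing comma as the end of the list (not verifiable from this page), the attributes after it, including `Digest-QOP = "auth-int"` and `Digest-Body-Digest`, would be dropped and the test would not cover the auth-int path this commit changes. Writing it as `Digest-Response = "bdbeebb2da6adb6bca02599c2239e192",` keeps the file consistent.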