# HG changeset patch
# User Nathan Walp <nwalp@pidgin.im>
# Date 1098633978 0
# Node ID a5bd6d78717dbbff54b88474690ae75c1ae279b5
# Parent  3855d3467437a4b2062e96a3b32ee7c4446f0df9
[gaim-migrate @ 11204]
Michael Plump (plumpy) noticed an ancient quirk in the DIGEST-MD5 authentication method for Jabber, and another bug in jabber authentication.

committer: Tailor Script <tailor@pidgin.im>

diff -r 3855d3467437 -r a5bd6d78717d src/protocols/jabber/auth.c
--- a/src/protocols/jabber/auth.c	Sun Oct 24 15:16:48 2004 +0000
+++ b/src/protocols/jabber/auth.c	Sun Oct 24 16:06:18 2004 +0000
@@ -298,20 +298,30 @@
 {
 	md5_state_t ctx;
 	md5_byte_t result[16];
+	size_t a1len;
 
-	char *x, *y, *a1, *ha1, *ha2, *kd, *z;
+	char *x, *a1, *ha1, *ha2, *kd, *z, *convnode, *convpasswd;
 
-	x = g_strdup_printf("%s:%s:%s", jid->node, realm, passwd);
+	if((convnode = g_convert(jid->node, strlen(jid->node), "iso-8859-1", "utf-8",
+					NULL, NULL, NULL)) == NULL) {
+		convnode = g_strdup(jid->node);
+	}
+	if((convpasswd = g_convert(passwd, strlen(passwd), "iso-8859-1", "utf-8",
+					NULL, NULL, NULL)) == NULL) {
+		convpasswd = g_strdup(passwd);
+	}
+
+	x = g_strdup_printf("%s:%s:%s", convnode, realm, convpasswd);
 	md5_init(&ctx);
 	md5_append(&ctx, x, strlen(x));
 	md5_finish(&ctx, result);
 
-	y = g_strndup(result, 16);
-
-	a1 = g_strdup_printf("%s:%s:%s", y, nonce, cnonce);
+	a1 = g_strdup_printf("xxxxxxxxxxxxxxxx:%s:%s", nonce, cnonce);
+	a1len = strlen(a1);
+	g_memmove(a1, result, 16);
 
 	md5_init(&ctx);
-	md5_append(&ctx, a1, strlen(a1));
+	md5_append(&ctx, a1, a1len);
 	md5_finish(&ctx, result);
 
 	ha1 = gaim_base16_encode(result, 16);
@@ -330,8 +340,9 @@
 
 	z = gaim_base16_encode(result, 16);
 
+	g_free(convnode);
+	g_free(convpasswd);
 	g_free(x);
-	g_free(y);
 	g_free(a1);
 	g_free(ha1);
 	g_free(ha2);