Mercurial > pidgin

changeset 10136:a5bd6d78717d

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
[gaim-migrate @ 11204] Michael Plump (plumpy) noticed an ancient quirk in the DIGEST-MD5 authentication method for Jabber, and another bug in jabber authentication. committer: Tailor Script <tailor@pidgin.im>
author Nathan Walp <nwalp@pidgin.im>
date Sun, 24 Oct 2004 16:06:18 +0000
parents 3855d3467437
children 94167af56ace
files src/protocols/jabber/auth.c
diffstat 1 files changed, 18 insertions(+), 7 deletions(-) [+]
line wrap: on
line diff
--- a/src/protocols/jabber/auth.c	Sun Oct 24 15:16:48 2004 +0000
+++ b/src/protocols/jabber/auth.c	Sun Oct 24 16:06:18 2004 +0000
@@ -298,20 +298,30 @@
 {
 	md5_state_t ctx;
 	md5_byte_t result[16];
+	size_t a1len;
 
-	char *x, *y, *a1, *ha1, *ha2, *kd, *z;
+	char *x, *a1, *ha1, *ha2, *kd, *z, *convnode, *convpasswd;
 
-	x = g_strdup_printf("%s:%s:%s", jid->node, realm, passwd);
+	if((convnode = g_convert(jid->node, strlen(jid->node), "iso-8859-1", "utf-8",
+					NULL, NULL, NULL)) == NULL) {
+		convnode = g_strdup(jid->node);
+	}
+	if((convpasswd = g_convert(passwd, strlen(passwd), "iso-8859-1", "utf-8",
+					NULL, NULL, NULL)) == NULL) {
+		convpasswd = g_strdup(passwd);
+	}
+
+	x = g_strdup_printf("%s:%s:%s", convnode, realm, convpasswd);
 	md5_init(&ctx);
 	md5_append(&ctx, x, strlen(x));
 	md5_finish(&ctx, result);
 
-	y = g_strndup(result, 16);
-
-	a1 = g_strdup_printf("%s:%s:%s", y, nonce, cnonce);
+	a1 = g_strdup_printf("xxxxxxxxxxxxxxxx:%s:%s", nonce, cnonce);
+	a1len = strlen(a1);
+	g_memmove(a1, result, 16);
 
 	md5_init(&ctx);
-	md5_append(&ctx, a1, strlen(a1));
+	md5_append(&ctx, a1, a1len);
 	md5_finish(&ctx, result);
 
 	ha1 = gaim_base16_encode(result, 16);
@@ -330,8 +340,9 @@
 
 	z = gaim_base16_encode(result, 16);
 
+	g_free(convnode);
+	g_free(convpasswd);
 	g_free(x);
-	g_free(y);
 	g_free(a1);
 	g_free(ha1);
 	g_free(ha2);