diff options
| author | Manjeet Dahiya <manjeetdahiya@gmail.com> | 2010-02-23 11:46:23 +0000 |
|---|---|---|
| committer | Manjeet Dahiya <manjeetdahiya@gmail.com> | 2010-02-23 11:46:23 +0000 |
| commit | a9a596c15b490c578f8f39183819ce29a4e6513d (patch) | |
| tree | e63cc3551a550596ac09b9a42fccc53ac3eb58b1 /source/QXmppClient.cpp | |
| parent | 1e917274eb8fdbc0c74a23e8a3e5efae0f93431f (diff) | |
| download | qxmpp-a9a596c15b490c578f8f39183819ce29a4e6513d.tar.gz | |
Fix
Issue 46:Error in SASLDigestMD5 with jabber.org
Issue 39: MD5 Authentication does not work against servers which return '=' in their nonce
The SASL auth using the MD5 mechanism specifies the key value pairs, such as nonce, qop, algorithm. The format is: key = "value". The parsing in the qxmpp therefore splits on the '=' character to process the key/values. This fails when any one of the field values contains a '='. The parsing should take what is in the value delimiters '"' literally.
Please find attached a patch to fix the parsing. Three additional related minor changes have been made:
1) base64 encode the client generated nonce. This is because the random nonce generator can encode a null (0) char, which is messy and can break things server side
2) Enforce the steps of the challenge/response authentication rather then relying on content of the payload
3) Disconnect if the client gives a SASL auth failure
Thanks mr.o.wickham for providing the patch.
Diffstat (limited to 'source/QXmppClient.cpp')
0 files changed, 0 insertions, 0 deletions