Bug 602898 – nonce-count header is interpreted incorrectly

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 602898 - nonce-count header is interpreted incorrectly


Summary:	nonce-count header is interpreted incorrectly


Status:	VERIFIED FIXED

Product:	libsoup
Classification:	Core
Component:	HTTP Transport
Version:	2.26.x
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	libsoup-maint@gnome.bugs
QA Contact:	libsoup-maint@gnome.bugs

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2009-11-25 07:28 UTC by Christopher Head
Modified:	2010-08-26 00:05 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Christopher Head 2009-11-25 07:28:11 UTC

According to RFC2617 section 3.2.2:

"The nc-value is the hexadecimal count of the number of requests (including the current request) that the client has sent with the nonce value in this request."

However, in libsoup/soup-auth-domain-digest.c, function check_hex_urp, file line 306, the function atoi() is called against the client-provided value, performing a decimal conversion.

Comment 1 Dan Winship 2009-11-30 16:43:28 UTC

fixed in git master, will go into 2.28.2 in a few weeks. thanks

Comment 2 Christopher Head 2010-08-26 00:05:52 UTC

OK, this filtered down into my distro and I can confirm it works. Thanks!