segfault in http kioslave

Dawit A. adawit at kde.org
Tue Sep 17 06:40:27 BST 2002


On Monday 16 September 2002 13:30, Waldo Bastian wrote:
> On Monday 16 September 2002 02:26 am, Best, Jan-Pascal van wrote:
> > Hi all,
> >
> > I'm getting segfaults in the http kioslave (CVS HEAD), in
> > createDigestAuth(), when accessing an Exchange server (Exchange 2000,
> > Microsoft-IIS/5.0).
> >
> > The funny thing is that this server usually uses Basic authentication
> > instead of Digest. If I use Konqueror, the segfaults happens with the
> > URL  webdav://mail.tbm.tudelft.nl/exchange/janb/Calendar/
> > but not with Outlook web access, via the URL http://mail.tbm.tudelft.nl
> >
> > From the debug log, it appears that the authentication computation is
> > happening before the first request, so not in reaction to a 401 sent by 
> > the server. I've registered name and password before with the
> > kPasswdServer. I don't understand why the kioslave thinks it should
> > authenticate before hearing that from the server.

I know why this bug occurs.  We default to the strongest possible authentication
by default which in retrospect is not a good idea since more information is needed 
to compute digest authentication.  It would have worked without a problem if we 
defaulted to "Basic".  Will fix this issue.  BTW, how did you register the password 
beforehand?  If it was done through the interface this should not have happened.

> If we have a password / username available for a certain server we will use
> it to prevent an extra round-trip.

It is also allowed/recommended by RFC 2616.  And no it is not only for certain 
servers, but for any server you have to authenticate to.  You have to make two 
round trips for each and every request.  For example, if you have 10 images 
on a given web page we have to make 20 requests to get all of them.

> > This results in an empty info.digestInfo in line 2189 (HEAD=1.538),
> > which isn't surprising, and a move to AUTH_Digest, which is wrong and
> > unasked for.

> Yes, I have seen this before but it wasn't really clear to me when that
> happened and couldn't reproduce it.

Patch below should fix it.  It most likely happens because we recently started 
accepting authentication names in non-case sensitive format, but the code 
that sends preemptive authentication info used "startWith" to do the check.  You 
then got the segfault for the same reason I stated above...

> > Are there any recent changes to the authentication code in kio_http that
> > could have caused this?
>
> I think it did it wrong for quite some time, but a recent change might be
> responsible for the segfaults.
>
> Does it help if you change 2189 to:
>       if ( checkCachedAuthentication( info ) && !info.digestInfo.isEmpty())

Hmm... Actually, checkCachedAuthentication should return false if info.digestInfo 
is empty, at least that was the way it was IIRC.  Anyways, here is a better patch 
to fix both yours and Jean's issue.  Default to Basic and make case insensitive 
comparison:

Index: http/http.cc
===================================================================
RCS file: /home/kde/kdelibs/kioslave/http/http.cc,v
retrieving revision 1.538
diff -u -p -b -B -w -r1.538 http.cc
--- http/http.cc        2002/09/11 13:47:19     1.538
+++ http/http.cc        2002/09/17 05:25:35
@@ -2186,7 +2186,11 @@ bool HTTPProtocol::httpOpen()
         info.username = m_request.user;
       if ( checkCachedAuthentication( info ) )
       {
-        Authentication = info.digestInfo.startsWith("Basic") ? AUTH_Basic : AUTH_Digest ;
+        if (info.digestInfo.find("digest", 0, false) == 0)
+          Authentication = AUTH_Digest;
+        else
+          Authentication = AUTH_Basic;
+
         m_state.user   = info.username;
         m_state.passwd = info.password;
         m_strRealm = info.realmValue;
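
Review bot: in the else branch of the new check, an empty or unrecognised info.digestInfo now selects AUTH_Basic, so the cached m_state.passwd is sent preemptively as Basic even when the cached entry never named Basic. Consider testing for "basic" explicitly (also case-insensitively) and sending no preemptive credentials otherwise. The prefix test find("digest", 0, false) == 0 also accepts any token that merely begins with "digest" and does not confirm that anything follows the scheme name, so a cached entry holding only the scheme would still reach AUTH_Digest; checking that the rest of info.digestInfo is non-empty before choosing AUTH_Digest would cover that. A short comment stating why Basic is the default would help the next reader.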

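The scheme selection discussed in this message, as an added C++ example that is not code from kio_http or from the posters: it matches the cached scheme token case-insensitively and only picks Digest when the realm and nonce needed to compute it are cached. The names `PreemptiveAuth`, `choosePreemptiveAuth` and `hasParam` are hypothetical, and sending nothing for an empty or unknown entry is this example's assumption (the patch above defaults to Basic instead).

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>

// Hypothetical type and function names; this is not the kio_http API.
enum class PreemptiveAuth { None, Basic, Digest };

static std::string toLower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// True if `params` (already lower-cased) has a parameter named `key`.
// The boundary check keeps "cnonce=" from being mistaken for "nonce=".
static bool hasParam(const std::string &params, const std::string &key) {
    const std::string needle = key + "=";
    for (std::size_t pos = params.find(needle); pos != std::string::npos;
         pos = params.find(needle, pos + 1)) {
        if (pos == 0 || params[pos - 1] == ' ' || params[pos - 1] == ',')
            return true;
    }
    return false;
}

// Decide what to send before the server has issued a 401, given the cached
// challenge text (scheme token followed by its parameters).
PreemptiveAuth choosePreemptiveAuth(const std::string &cachedChallenge) {
    const std::string c = toLower(cachedChallenge);  // scheme names are case-insensitive
    const std::size_t end = c.find_first_of(" \t");
    const std::string scheme = c.substr(0, end);     // whole token, not a prefix
    const std::string params = (end == std::string::npos) ? std::string() : c.substr(end + 1);
    if (scheme == "basic")
        return PreemptiveAuth::Basic;
    // Digest cannot be computed without the server's realm and nonce.
    if (scheme == "digest" && hasParam(params, "realm") && hasParam(params, "nonce"))
        return PreemptiveAuth::Digest;
    return PreemptiveAuth::None;  // empty or unknown entry: wait for the 401
}

int main() {
    // Constructed sample cache entries, not taken from the thread.
    const char *samples[] = {"", "BASIC realm=\"x\"", "digest",
                             "Digest realm=\"x\", nonce=\"abc\""};
    for (const char *s : samples)
        std::cout << '[' << s << "] -> " << static_cast<int>(choosePreemptiveAuth(s)) << '\n';
    return 0;
}
```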



