File: CVE-2025-32910-1.patch

package info (click to toggle)
libsoup2.4 2.74.3-10.1
  • links: PTS, VCS
  • area: main
  • in suites: sid, trixie
  • size: 7,236 kB
  • sloc: ansic: 57,709; xml: 1,392; python: 84; php: 75; javascript: 64; sh: 49; makefile: 28
file content (92 lines) | stat: -rw-r--r-- 3,274 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
 
From: Patrick Griffis <pgriffis@igalia.com>
Date: Sun, 8 Dec 2024 20:00:35 -0600
Subject: auth-digest: Handle missing realm in authenticate header

(cherry picked from commit e40df6d48a1cbab56f5d15016cc861a503423cfe)
---
 libsoup/soup-auth-digest.c |  3 +++
 tests/auth-test.c          | 50 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 53 insertions(+)

diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c
index e8ba990..263a15a 100644
--- a/libsoup/soup-auth-digest.c
+++ b/libsoup/soup-auth-digest.c
@@ -142,6 +142,9 @@ soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg,
 	guint qop_options;
 	gboolean ok = TRUE;
 
+        if (!soup_auth_get_realm (auth))
+                return FALSE;
+
 	g_free (priv->domain);
 	g_free (priv->nonce);
 	g_free (priv->opaque);
diff --git a/tests/auth-test.c b/tests/auth-test.c
index 8295ec3..61a16b6 100644
--- a/tests/auth-test.c
+++ b/tests/auth-test.c
@@ -1549,6 +1549,55 @@ do_cancel_after_retry_test (void)
         soup_test_session_abort_unref (session);
 }
 
+static void
+on_request_read_for_missing_realm (SoupServer        *server,
+                                   SoupServerMessage *msg,
+                                   gpointer           user_data)
+{
+        SoupMessageHeaders *response_headers = soup_server_message_get_response_headers (msg);
+        soup_message_headers_replace (response_headers, "WWW-Authenticate", "Digest qop=\"auth\"");
+}
+
+static void
+do_missing_realm_test (void)
+{
+        SoupSession *session;
+        SoupMessage *msg;
+        SoupServer *server;
+        SoupAuthDomain *digest_auth_domain;
+        gint status;
+        GUri *uri;
+
+        server = soup_test_server_new (SOUP_TEST_SERVER_IN_THREAD);
+	soup_server_add_handler (server, NULL,
+				 server_callback, NULL, NULL);
+	uri = soup_test_server_get_uri (server, "http", NULL);
+
+	digest_auth_domain = soup_auth_domain_digest_new (
+		"realm", "auth-test",
+		"auth-callback", server_digest_auth_callback,
+		NULL);
+        soup_auth_domain_add_path (digest_auth_domain, "/");
+	soup_server_add_auth_domain (server, digest_auth_domain);
+        g_object_unref (digest_auth_domain);
+
+        g_signal_connect (server, "request-read",
+                          G_CALLBACK (on_request_read_for_missing_realm),
+                          NULL);
+
+        session = soup_test_session_new (NULL);
+        msg = soup_message_new_from_uri ("GET", uri);
+        g_signal_connect (msg, "authenticate",
+                          G_CALLBACK (on_digest_authenticate),
+                          NULL);
+
+        status = soup_test_session_send_message (session, msg);
+
+        g_assert_cmpint (status, ==, SOUP_STATUS_UNAUTHORIZED);
+	g_uri_unref (uri);
+	soup_test_server_quit_unref (server);
+}
+
 int
 main (int argc, char **argv)
 {
@@ -1576,6 +1625,7 @@ main (int argc, char **argv)
 	g_test_add_func ("/auth/async-message-do-not-use-auth-cache", do_async_message_do_not_use_auth_cache_test);
 	g_test_add_func ("/auth/authorization-header-request", do_message_has_authorization_header_test);
 	g_test_add_func ("/auth/cancel-after-retry", do_cancel_after_retry_test);
+	g_test_add_func ("/auth/missing-realm", do_missing_realm_test);
 
 	ret = g_test_run ();