
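--- a/java/org/apache/catalina/authenticator/DigestAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/DigestAuthenticator.java
@@ -26,6 +26,8 @@
 import java.util.LinkedHashMap;
 import java.util.Map;
 import java.util.StringTokenizer;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -55,6 +57,10 @@
 
     private static final Log log = LogFactory.getLog(DigestAuthenticator.class);
 
+	/** Pattern for parsing tokens in Authorization header.
+	 *
+	 */
+    private static final Pattern TOKEN_PATTERN = Pattern.compile("\\s*([a-zA-Z]+)\\s*=\\s*((?:[^\", ]+)|(?:\"(?:[^\"\\\\]|(?:\\\\.))*\"))\\s*,?");
 
     // -------------------------------------------------------------- Constants
 
@@ -357,7 +363,21 @@
                 !quotesRequired) {
             return quotedString;
         } else if (quotedString.length() > 2) {
-            return quotedString.substring(1, quotedString.length() - 1);
+            String string = quotedString.substring(1, quotedString.length() - 1);
+            if (string.indexOf('\\') != -1) {
+                // The string contains quoted characters
+                StringBuilder buffer = new StringBuilder(string);
+                int pos = 0;
+                while (pos < buffer.length()) {
+                    int index = buffer.indexOf("\\", pos);
+                    if (index == -1)
+                        break;
+                    buffer.deleteCharAt(index);
+                    pos = index+1;
+                }
+                string = buffer.toString();
+            }
+            return string;
         } else {
             return "";
         }
@@ -543,24 +563,18 @@
             }
             authorization = authorization.substring(7).trim();
 
-            // Bugzilla 37132: http://issues.apache.org/bugzilla/show_bug.cgi?id=37132
-            String[] tokens = authorization.split(",(?=(?:[^\"]*\"[^\"]*\")+$)");
-
             method = request.getMethod();
 
-            for (int i = 0; i < tokens.length; i++) {
-                String currentToken = tokens[i];
-                if (currentToken.length() == 0)
-                    continue;
-
-                int equalSign = currentToken.indexOf('=');
-                if (equalSign < 0) {
+            Matcher matcher = TOKEN_PATTERN.matcher(authorization);
+            while (matcher.regionStart() < authorization.length()) {
+                if (!matcher.lookingAt()) {
+                    // have unmatched text
+                    log.warn("Unmatched text in Authorization: "+authorization.substring(matcher.regionStart()));
                     return false;
                 }
-                String currentTokenName =
-                    currentToken.substring(0, equalSign).trim();
-                String currentTokenValue =
-                    currentToken.substring(equalSign + 1).trim();
+                String currentTokenName = matcher.group(1);
+                String currentTokenValue = matcher.group(2);
+                matcher.region(matcher.end(), authorization.length());
                 if ("username".equals(currentTokenName))
                     userName = removeQuotes(currentTokenValue);
                 if ("realm".equals(currentTokenName))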
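Review bot: The `log.warn` added at new line 572 echoes the unparsed tail of the raw Authorization header into the log, and that text comes from clients that have not authenticated yet; on a legitimate request that trips the parser the tail can hold the username, nonce and response digest, and any client can push arbitrary text into the log at WARN level. Reporting only the position keeps the diagnostic without the content, e.g. `if (log.isDebugEnabled()) { log.debug("Unmatched text in Authorization header at offset " + matcher.regionStart()); }`. The parser itself looks sound: the `[a-zA-Z]+` group guarantees the region advances on every iteration so the `while` cannot spin, and a failed `lookingAt()` still returns false as the old code did. The enclosing method starts and ends outside this hunk. Separately, the `TOKEN_PATTERN` Javadoc in the 55-60 hunk is tab-indented where the surrounding file uses spaces and says nothing about the grammar; a one-liner such as `/** Matches one name=value parameter of the Digest Authorization header: the value is either unquoted or a quoted string with backslash escapes, followed by an optional comma. */` would serve better.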
