Skip to content
This repository was archived by the owner on Jan 23, 2023. It is now read-only.

[release/3.1] Fix HTTP Digest authentication#42877

Merged
Anipik merged 1 commit intodotnet:release/3.1from
microkatz:mikatz-httpdigest-parse
Mar 25, 2020
Merged

[release/3.1] Fix HTTP Digest authentication#42877
Anipik merged 1 commit intodotnet:release/3.1from
microkatz:mikatz-httpdigest-parse

Conversation

@microkatz
Copy link

@microkatz microkatz commented Mar 2, 2020
edited by davidsh
Loading

This is a port of dotnet/runtime#32983. Original issue: dotnet/runtime#32943

Description

This bug was found in testing http requests with a Bosch IP Camera that supports the ONVIF protocol. Bosch is a large manufacturer in the realm of ONVIF compliant cameras. A Bosch camera that was being tested sent a digest challenge with the opaque value as an empty-string. The current dotnet core library fails to use the correct digest scheme because it breaks on parsing the empty string.

Customer Impact

Without this fix, customers can not communicate with the Bosch IP Cameras which use HTTP Digest communications.

Regression?

No

Packaging reviewed?

Change needed to System.Net.Http.dll which is part of the shared framework Microsoft.NETCore.App package.

Risk

Low, covered by unit tests

@microkatz
Added two unittests that test whether or not opaque is an empty strin…
07d7df4 
…g, the qop value is read to incorporate the correct hash algorithm for the digest challenge. Also adjusted the conditional in the challenge parse function to allow the opaque value to be an empty string
@davidsh davidsh changed the title Added two unittests that test whether or not opaque is an empty strin… [release/3.1] Fix HTTP Digest authentication Mar 2, 2020
@davidsh davidsh added the tenet-compatibility Incompatibility with previous versions or .NET Framework label Mar 2, 2020
@davidsh davidsh added this to the 3.1.x milestone Mar 2, 2020
davidsh
davidsh approved these changes Mar 2, 2020
View reviewed changes
Copy link
Contributor

@davidsh davidsh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@davidsh davidsh mentioned this pull request Mar 2, 2020
Merged
@danmoseley
Copy link
Member

danmoseley commented Mar 4, 2020

@davidsh is this good to get "servicing-consider" label?

@davidsh
Copy link
Contributor

davidsh commented Mar 4, 2020

@davidsh is this good to get "servicing-consider" label?

Yes.

@danmoseley danmoseley added the Servicing-consider Issue for next servicing release review label Mar 4, 2020
@danmoseley
Copy link
Member

danmoseley commented Mar 4, 2020

Ok done.

@leecow leecow added Servicing-approved Approved for servicing release and removed Servicing-consider Issue for next servicing release review labels Mar 5, 2020
@leecow leecow modified the milestones: 3.1.x, 3.1.4 Mar 5, 2020
@Anipik Anipik merged commit e4c1979 into dotnet:release/3.1 Mar 25, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@davidsh davidsh davidsh approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

area-System.Net.Http Servicing-approved Approved for servicing release tenet-compatibility Incompatibility with previous versions or .NET Framework

Projects

None yet

Milestone

3.1.4

Development

Successfully merging this pull request may close these issues.

6 participants

@microkatz @danmoseley @davidsh @leecow @Anipik @Dotnet-GitSync-Bot