Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-98280

QAuthenticator doesn't check if algorithm is supported

    XMLWordPrintable

Details

    • Windows
    • 5
    • a92619d950fdbf803cdc8c8ca8e75c1c82abb23f (qt/qtbase/dev) e0c73e8b6fda60cb539bb8fb7c0ec741f49f4aa7 (qt/tqtc-qtbase/5.15) 012424637ec69c98153bab35f0731d13b00601c6 (qt/qtbase/6.2)
    • Team 2 Foundation_Sprint 47

    Description

      WEB server supports Digest authentication with SHA-256 and MD5. It's reply contains two www-authenticate (challenges? not sure about terminology):

      www_authenticate: Digest algorithm=SHA-256, realm=...
      www_authenticate: Digest algorithm=MD5, realm=...

      QAuthenticator takes first entry and sends request with
      Digest username=..., algorithm=SHA-256, ...

      Of course, it fails.
      By the way, QNetworkReply argument in authenticationRequired slot contains no headers at all, so I had to capture packets with Wireshark to figure out what's happening.
       

      Attachments

        For Gerrit Dashboard: QTBUG-98280
        # Subject Branch Project Status CR V
        382489,3 QAuthenticator: Filter out algorithms we don't support dev qt/qtbase Status: MERGED +2 0
        383076,2 QAuthenticator: Filter out algorithms we don't support 6.2 qt/qtbase Status: MERGED +2 0
        383078,5 QAuthenticator: Filter out algorithms we don't support tqtc/lts-5.15 qt/tqtc-qtbase Status: MERGED +2 0

        Activity

          People

            manordheim Mårten Nordheim
            sergesh Sergei
            Vladimir Minenko Vladimir Minenko
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes