Closed Bug 923154 Opened 11 years ago Closed 11 years ago

Incorrect parsing of DIGEST-MD5 quoted strings

Categories

(Thunderbird :: Instant Messaging, defect)

Product:
Thunderbird
Component:
Instant Messaging
Version:
24 Branch
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 817596

People

(Reporter: mwild1, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/28.0.1500.71 Chrome/28.0.1500.71 Safari/537.36

Steps to reproduce:

Attempt to log into jabber.org's XMPP service using Thunderbird 24 (code suggests the issue is present in trunk, but this is not confirmed by testing yet).


Actual results:

Authentication failed. The error console shows:

Error: Error decoding: nonce="ioL1IIvx4A0igSEO/X3PWZ+mweRBap/9an9Exhy2aoc=" Source File: resource:///modules/xmpp-session.jsm Line: 349 Source Code: prpl-jabber


Expected results:

The source of the bug appears to be the way _generateResponse splits the string in xmpp-authmechs.jsm, which doesn't account for the '=' character occuring in the quoted string.

RFC 2831 says:

      nonce             = "nonce" "=" <"> nonce-value <">
      nonce-value       = qdstr-val
      quoted-string  = ( <"> qdstr-val <"> )
      qdstr-val      = *( qdtext | quoted-pair )
      qdtext         = <any TEXT except <">>
Thanks for the report. Someone already reported in bug 817596 the same issue when attempting to connect to jabber.ubuntu-fr.org.
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.