[Seaside] Problems with Zinc and DigestAuthentication

Sven Van Caekenberghe sven at beta9.be
Mon May 21 19:16:15 UTC 2012


On 21 May 2012, at 18:49, Dav wrote:

> As you can see, the username is an empty string; realm and nonce are hidden by me.
> Unfortunately I tried to simulate the bug by authenticating myself with an empty
> string, but no errors occurred.

It is a bit hard to debug without an actual example string; you will have to try to do that yourself.
Now, what I can infer from the stack trace is that #copyFrom:to: is called with args 2 and -1, the latter being an error of course.
ZnDigestAuthenticator class>>parseAuthRequest: is not very robust, it seems; I think this can only happen if value size = 0 from a fragment like 'key='.
Maybe you can try putting an extra guard there when computing the value.

We always appreciate contributions, however small ;-)
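
The guard suggested in the message above, sketched as an added example for a Pharo playground; this is not Zinc's source and not code from the original post. The block name `parse`, the constructed header string and the comma-splitting shortcut are assumptions, and `trimBoth` assumes a current Pharo image.

```smalltalk
"Added example: a hypothetical stand-alone parser for the key=value
 parameters of a Digest Authorization header. It assumes the leading
 scheme word (Digest) has already been removed. Splitting on commas is
 a simplification: a quoted value that itself contains a comma would
 need a real tokenizer."
| parse header params |
parse := [ :string |
	| result |
	result := Dictionary new.
	(string subStrings: ',') do: [ :fragment |
		| index key value |
		index := fragment indexOf: $=.
		"Fragments without an equals sign are skipped instead of failing."
		index > 0 ifTrue: [
			key := (fragment copyFrom: 1 to: index - 1) trimBoth.
			"For a fragment ending in the equals sign this yields an empty string."
			value := (fragment copyFrom: index + 1 to: fragment size) trimBoth.
			"Guard: strip the surrounding quotes only when both are present.
			 Without the size check an empty value ends up in
			 copyFrom: 2 to: -1, the failing call seen in the stack trace."
			(value size >= 2 and: [ value first = $" and: [ value last = $" ] ])
				ifTrue: [ value := value copyFrom: 2 to: value size - 1 ].
			result at: key put: value ] ].
	result ].

"Constructed sample input: the username parameter has no value at all."
header := 'username=, realm="constructed-realm", nonce="constructed-nonce"'.
params := parse value: header.

"The empty value is kept as an empty string, so the authenticator can
 reject the credentials cleanly instead of raising an error in the parser."
self assert: (params at: 'username') isEmpty.
self assert: (params at: 'realm') = 'constructed-realm'.
self assert: (params at: 'nonce') = 'constructed-nonce'.
params
```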

