Treat the authentication object as invalid if digest configuration is chosen and the digest is not of the correct length.

(closes issue ASTERISK-22003) Reported by: Rusty Newton git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@393857 65c4cc65-6c06-0410-ace0-fbb531ad65f3
12 years ago · 0f7d4d308e
parent a0684d97f5
commit 0f7d4d308e
1 changed files with 5 additions and 0 deletions
--- a/res/res_sip/config_auth.c
+++ b/res/res_sip/config_auth.c
@ -85,6 +85,11 @@ static int auth_apply(const struct ast_sorcery *sorcery, void *obj)
 			ast_log(LOG_ERROR, "'md5' authentication specified but no md5_cred"
 					"specified for auth '%s'\n", ast_sorcery_object_get_id(auth));
 			res = -1;
+		} else if (strlen(auth->md5_creds) != PJSIP_MD5STRLEN) {
+			ast_log(LOG_ERROR, "'md5' authentication requires digest of '%d', but"
+				"digest is of '%d' for auth '%s'\n", PJSIP_MD5STRLEN, (int)strlen(auth->md5_creds),
+				ast_sorcery_object_get_id(auth));
+			res = -1;
 		}
 		break;
 	case AST_SIP_AUTH_TYPE_ARTIFICIAL: