From 2e191df64df8678adea7906886e7510941b311a5 Mon Sep 17 00:00:00 2001
From: dmiller
Date: Fri, 12 Aug 2016 23:44:43 +0000
Subject: [PATCH] Handle out-of-order parameters to http digest auth

---
 nselib/sasl.lua | 52 +++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 50 insertions(+), 2 deletions(-)

diff --git a/nselib/sasl.lua b/nselib/sasl.lua
index 13083df4a4..1d5565c3c1 100644
--- a/nselib/sasl.lua
+++ b/nselib/sasl.lua
@@ -85,8 +85,9 @@ if HAVE_SSL then
 -- regardless of what RFC says
 parseChallenge = function(self)
 local results = {}
- local start, stop = 0,0
 if self.chall then
+ local start, stop = self.chall:find("^[Dd][Ii][Gg][Ee][Ss][Tt]%s+")
+ stop = stop or 0
 while(true) do
 local name, value
 start, stop, name = self.chall:find("([^=]*)=%s*", stop + 1)
@@ -97,7 +98,7 @@ if HAVE_SSL then
 start, stop, value = self.chall:find("([^,]*)", stop + 1)
 end
 name = name:lower()
- if name == "digest realm" then name="realm" end
+ --if name == "digest realm" then name="realm" end
 self.challnvs[name] = value
 start, stop = self.chall:find("%s*,%s*", stop + 1)
 if ( not(start) ) then break end
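Review bot: The scheme keyword is only stripped when it sits at column 0, so a challenge with leading whitespace, or a header that lists another scheme first (`Basic realm="x", Digest realm="y"`), still produces a `digest realm` key in `challnvs` once the lowercasing fallback in the next hunk is disabled; trimming first, `local start, stop = self.chall:find("^%s*[Dd][Ii][Gg][Ee][Ss][Tt]%s+")`, covers the whitespace case and the multi-scheme case deserves at least a comment saying it is out of scope. Because the pattern requires `%s+`, a bare `Digest` with no parameters leaves `stop` at 0 and hands the whole string to the parameter loop; whether that loop tolerates a missing `=` depends on the lines between the two hunks, which are not visible here. `parseChallenge` continues past the end of this hunk.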
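Review bot: The old `digest realm` normalisation is kept as commented-out code rather than removed; now that the prefix match above makes it dead, delete `--if name == "digest realm" then name="realm" end` outright, since version control keeps the history and a commented-out guard invites someone to re-enable it for the wrong reason. If it is intentionally left as a reminder, replace it with a real comment such as `-- the "Digest " scheme prefix is stripped before the loop, so keys are plain parameter names`. The enclosing `while` loop starts before this hunk.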
@@ -458,4 +459,51 @@ Helper = {
 end,
 }
+local unittest = require "unittest"
+
+if not unittest.testing() then
+ return _ENV
+end
+
+test_suite = unittest.TestSuite:new()
+
+local _ = "ignored"
+
+local object = DigestMD5:new('Digest realm="test", domain="/HTTP/Digest",\z
+ nonce="c8563a5b367e66b3693fbb07a53a30ba"',
+ _, _, _, _)
+test_suite:add_test(unittest.keys_equal(
+ object.challnvs,
+ {
+ nonce='c8563a5b367e66b3693fbb07a53a30ba',
+ realm='test',
+ domain='/HTTP/Digest',
+ }
+ ))
+
+object = DigestMD5:new('Digest nonce="9e4ab724d272474ab13b64d75300a47b", \z
+ opaque="de40b82666bd5fe631a64f3b2d5a019e", \z
+ realm="me@kennethreitz.com", qop=auth',
+ _, _, _, _)
+test_suite:add_test(unittest.keys_equal(
+ object.challnvs,
+ {
+ nonce='9e4ab724d272474ab13b64d75300a47b',
+ opaque='de40b82666bd5fe631a64f3b2d5a019e',
+ realm='me@kennethreitz.com',
+ qop='auth',
+ }
+ ))
+
+object = DigestMD5:new('realm=test, domain="/HTTP/Digest",\tnonce=c8563a5b367e66b3693fbb07a53a30ba',
+ _, _, _, _)
+test_suite:add_test(unittest.keys_equal(
+ object.challnvs,
+ {
+ nonce='c8563a5b367e66b3693fbb07a53a30ba',
+ realm='test',
+ domain='/HTTP/Digest',
+ }
+ ))
+
 return _ENV;
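Review bot: All three new cases use single-valued, comma-free parameters, so they never exercise a quoted value that itself contains a comma, which is the shape a real Digest challenge most often takes (`qop="auth,auth-int"`) and the one most likely to break a parser that scans for `,` to find the next parameter; whether the quoted-value branch between the two earlier hunks copes with it cannot be told from here. Adding `DigestMD5:new('Digest realm="r", qop="auth,auth-int", nonce="n"', _, _, _, _)` with expected `qop='auth,auth-int'` would pin that. A case where an unquoted parameter such as `stale=true` precedes a quoted one would also cover the ordering the commit title is about, since the third test only mixes quoting within a single value.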