fix for bug #42008. make HTTP basic auth case insensitive. r=shaver,brendan,gagan,valeski a=brendan.

netwerk/build/nsNetModule.cpp

@@ -100,7 +100,7 @@ RegisterBasicAuth(nsIComponentManager *aCompMgr, nsIFile *aPath,
         do_GetService(NS_CATEGORYMANAGER_PROGID, &rv);
     if (NS_FAILED(rv)) return rv;
     nsXPIDLCString previous;
-    return catman->AddCategoryEntry("http-auth", "Basic", NS_BASICAUTH_PROGID,
+    return catman->AddCategoryEntry("http-auth", "basic", NS_BASICAUTH_PROGID,
                                     PR_TRUE, PR_TRUE, getter_Copies(previous));
 }
 
@@ -113,13 +113,13 @@ UnregisterBasicAuth(nsIComponentManager *aCompMgr, nsIFile *aPath,
         do_GetService(NS_CATEGORYMANAGER_PROGID, &rv);
     if (NS_FAILED(rv)) return rv;
     nsXPIDLCString basicAuth;
-    rv = catman->GetCategoryEntry("http-auth", "Basic",
+    rv = catman->GetCategoryEntry("http-auth", "basic",
                                   getter_Copies(basicAuth));
     if (NS_FAILED(rv)) return rv;
 
     // only unregister if we're the current Basic-auth handler
     if (!strcmp(basicAuth, NS_BASICAUTH_PROGID))
-        return catman->DeleteCategoryEntry("http-auth", "Basic", PR_TRUE,
+        return catman->DeleteCategoryEntry("http-auth", "basic", PR_TRUE,
                                            getter_Copies(basicAuth));
     return NS_OK;
 }

netwerk/protocol/http/src/nsBasicAuth.cpp

@@ -18,6 +18,8 @@
  * Rights Reserved.
  *
  * Contributor(s): 
+ *   Mike Shaver <shaver@zeroknowledge.com>
+ *   Christopher Blizzard <blizzard@mozilla.org>
  */
 
 #include "nsBasicAuth.h"
@@ -43,7 +45,7 @@ nsBasicAuth::Authenticate(nsIURI* i_URI, const char *protocol,
                           char **oResult)
 {
     // we only know how to deal with Basic auth for http.
-    PRBool isBasicAuth = !strncmp(iChallenge, "Basic ", 6);
+    PRBool isBasicAuth = !PL_strncasecmp(iChallenge, "basic ", 6);
     NS_ASSERTION(isBasicAuth, "nsBasicAuth called for non-Basic auth");
     if (!isBasicAuth)
         return NS_ERROR_INVALID_ARG;
@@ -61,8 +63,10 @@ nsBasicAuth::Authenticate(nsIURI* i_URI, const char *protocol,
     if (iPass) {
         cPass.AssignWithConversion(iPass);
     }
-    PRUint32 length = cUser.Length() + (iPass ? (cPass.Length() + 2) : 1);
-    char* tempBuff = (char *)nsMemory::Alloc(length);
+    PRUint32 nbytes = cUser.Length() + 1;
+    if (iPass)
+        nbytes += cPass.Length() + 1;
+    char* tempBuff = (char *)nsMemory::Alloc(nbytes);
     if (!tempBuff)
         return NS_ERROR_OUT_OF_MEMORY;
     strcpy(tempBuff, cUser.GetBuffer());
@@ -71,7 +75,9 @@ nsBasicAuth::Authenticate(nsIURI* i_URI, const char *protocol,
         strcat(tempBuff, cPass.GetBuffer());
     }
 
-    char *base64Buff = PL_Base64Encode(tempBuff, length, nsnull); 
+    // <shaver> we use nbytes - 1 here to avoid encoding the trailing
+    // NUL
+    char *base64Buff = PL_Base64Encode(tempBuff, nbytes - 1, nsnull);
     if (!base64Buff) {
         nsMemory::Free(tempBuff);
         return NS_ERROR_FAILURE; // ??

netwerk/protocol/http/src/nsHTTPChannel.cpp

@@ -19,6 +19,8 @@
  *
  * Contributor(s): 
  *   Pierre Phaneuf <pp@ludusdesign.com>
+ *   Mike Shaver <shaver@zeroknowledge.com>
+ *   Christopher Blizzard <blizzard@mozilla.org>
  */
 
 
@@ -1793,9 +1795,16 @@ nsHTTPChannel::Authenticate(const char *iChallenge, PRBool iProxyAuth)
 #ifdef DEBUG_shaver
     fprintf(stderr, "Auth type: \"%s\"\n", authType.GetBuffer());
 #endif
-
+    // normalize to lowercase
+    char *authLower = nsCRT::strdup(authType.GetBuffer());
+    for (int i = 0; authLower[i]; i++)
+        authLower[i] = tolower(authLower[i]);
+    
     nsCOMPtr<nsIAuthenticator> auth =
-      do_GetServiceFromCategory("http-auth", authType, &rv);
+      do_GetServiceFromCategory("http-auth", authLower, &rv);
+
+    nsMemory::Free(authLower); // free before checking rv
+    
     if (NS_FAILED(rv))
       // XXX report "Authentication-type not supported: %s"
       return NS_ERROR_FAILURE;