sasl-digest-md5: the response needs both the realm and server

Some of the fields in the response wocky sends to the server require
the realm (like the "realm" field) while others require the server name
(like the "digest-uri" field). Usually this bug is not noticeable as the
realm and the server name are the same.

Reviewed-by: Vivek Dasmohapatra <vivek@collabora.co.uk>

1 files changed, 3 insertions, 3 deletions

diff --git a/wocky/wocky-sasl-digest-md5.c b/wocky/wocky-sasl-digest-md5.c
index 75d2437..b98257e 100644
--- a/wocky/wocky-sasl-digest-md5.c
+++ b/wocky/wocky-sasl-digest-md5.c
@@ -339,7 +339,7 @@ md5_prepare_response (WockySaslDigestMd5Private *priv, GHashTable *challenge,
   /* FIXME properly escape values */
   g_string_append_printf (response, "username=\"%s\"", priv->username);
   g_string_append_printf (response, ",realm=\"%s\"", realm);
-  g_string_append_printf (response, ",digest-uri=\"xmpp/%s\"", realm);
+  g_string_append_printf (response, ",digest-uri=\"xmpp/%s\"", priv->server);
   g_string_append_printf (response, ",nonce=\"%s\",nc=00000001", nonce);
   g_string_append_printf (response, ",cnonce=\"%s\"", cnonce);
   /* FIXME should check if auth is in the cop challenge val */
@@ -357,7 +357,7 @@ md5_prepare_response (WockySaslDigestMd5Private *priv, GHashTable *challenge,
 
   g_free (digest_md5);
 
-  a2 = g_strdup_printf ("AUTHENTICATE:xmpp/%s", realm);
+  a2 = g_strdup_printf ("AUTHENTICATE:xmpp/%s", priv->server);
   a2h = md5_hex_hash (a2, -1);
 
   kd = g_strdup_printf ("%s:%s:00000001:%s:auth:%s", a1h, nonce, cnonce, a2h);
@@ -370,7 +370,7 @@ md5_prepare_response (WockySaslDigestMd5Private *priv, GHashTable *challenge,
   g_free (a2h);
 
   /* Calculate the response we expect from the server */
-  a2 = g_strdup_printf (":xmpp/%s", realm);
+  a2 = g_strdup_printf (":xmpp/%s", priv->server);
   a2h = md5_hex_hash (a2, -1);
 
   kd =  g_strdup_printf ("%s:%s:00000001:%s:auth:%s", a1h, nonce, cnonce, a2h);