From: Patrick Griffis <pgriffis@igalia.com>
Date: Sun, 8 Dec 2024 20:00:35 -0600
Subject: auth-digest: Handle missing realm in authenticate header

(cherry picked from commit e40df6d48a1cbab56f5d15016cc861a503423cfe)

Upstream-Status: Backport [import from debian https://salsa.debian.org/gnome-team/libsoup/-/blob/debian/bullseye/debian/patches/CVE-2025-32910-1.patch?ref_type=heads
Upstream commit https://gitlab.gnome.org/GNOME/libsoup/-/commit/e40df6d48a1cbab56f5d15016cc861a503423cfe]
CVE: CVE-2025-32910
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>

Remove test code for fixing do_compile failure of libsoup-2.4, test codes include
new type added in 3.x version
../libsoup-2.74.3/tests/auth-test.c:1554:39: error: unknown type name 'SoupServerMessage'; did you mean 'SoupServerClass'?
 1554 |                                       SoupServerMessage *msg,
      |                                       ^~~~~~~~~~~~~~~~~

Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
 libsoup/soup-auth-digest.c |  3 +++
 1 files changed, 3 insertions(+)

diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c
index e8ba990..263a15a 100644
--- a/libsoup/soup-auth-digest.c
+++ b/libsoup/soup-auth-digest.c
@@ -142,6 +142,9 @@ soup_auth_digest_update (SoupAuth *auth, SoupMessage *msg,
 	guint qop_options;
 	gboolean ok = TRUE;
 
+        if (!soup_auth_get_realm (auth))
+                return FALSE;
+
 	g_free (priv->domain);
 	g_free (priv->nonce);
 	g_free (priv->opaque);