Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:Update
squid.14299
old_nettle_compat.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File old_nettle_compat.patch of Package squid.14299
Author: Adam Majer <amajer@suse.de> Date: Thu Jul 18 13:57:22 CEST 2019 nettle from SLE-12 is missing the change from later versions that ignores the destLen parameter size to base64_decode_update function. This is only used in the assert() but we need to pass real size of the buffer as otherwise all we get is a crash. The missing commit in nettle is, commit 07cb0b62a5fab216ed647f5a87e0f17ab3c9a615 Author: Niels Möller <nisse@lysator.liu.se> Date: Fri Feb 7 09:11:20 2014 +0100 Base64 and base16 decoding: Use *dst_length as output only. Index: squid-3.5.21/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc =================================================================== --- squid-3.5.21.orig/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc +++ squid-3.5.21/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc @@ -667,7 +667,7 @@ main(int argc, char *const argv[]) struct base64_decode_ctx ctx; base64_decode_init(&ctx); - unsigned int dstLen = 0; + unsigned int dstLen = input_token.length; if (!base64_decode_update(&ctx, &dstLen, static_cast<uint8_t*>(input_token.value), srcLen, b64Token) || !base64_decode_final(&ctx)) { debug((char *) "%s| %s: ERROR: Invalid base64 token [%s]\n", LogTime(), PROGRAM, b64Token); Index: squid-3.5.21/helpers/negotiate_auth/wrapper/negotiate_wrapper.cc =================================================================== --- squid-3.5.21.orig/helpers/negotiate_auth/wrapper/negotiate_wrapper.cc +++ squid-3.5.21/helpers/negotiate_auth/wrapper/negotiate_wrapper.cc @@ -341,7 +341,7 @@ main(int argc, char *const argv[]) struct base64_decode_ctx ctx; base64_decode_init(&ctx); - unsigned int dstLen = 0; + unsigned int dstLen = length; if (!base64_decode_update(&ctx, &dstLen, token, strlen(buf+3), reinterpret_cast<const uint8_t*>(buf+3)) || !base64_decode_final(&ctx)) { if (debug) Index: squid-3.5.21/helpers/ntlm_auth/fake/ntlm_fake_auth.cc =================================================================== --- squid-3.5.21.orig/helpers/ntlm_auth/fake/ntlm_fake_auth.cc +++ squid-3.5.21/helpers/ntlm_auth/fake/ntlm_fake_auth.cc @@ -151,7 +151,7 @@ main(int argc, char *argv[]) buflen = strlen(buf); /* keep this so we only scan the buffer for \0 once per loop */ struct base64_decode_ctx ctx; base64_decode_init(&ctx); - unsigned int dstLen = 0; + unsigned int dstLen = HELPER_INPUT_BUFFER; if (buflen > 3 && base64_decode_update(&ctx, &dstLen, decodedBuf, buflen-3, reinterpret_cast<const uint8_t*>(buf+3)) && base64_decode_final(&ctx)) { Index: squid-3.5.21/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc =================================================================== --- squid-3.5.21.orig/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc +++ squid-3.5.21/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc @@ -517,7 +517,7 @@ manage_request() /* figure out what we got */ struct base64_decode_ctx ctx; base64_decode_init(&ctx); - unsigned int dstLen = 0; + unsigned int dstLen = NTLM_BLOB_BUFFER_SIZE; int decodedLen = 0; if (!base64_decode_update(&ctx, &dstLen, reinterpret_cast<uint8_t*>(decoded), strlen(buf)-3, reinterpret_cast<const uint8_t*>(buf+3)) || !base64_decode_final(&ctx)) { Index: squid-3.5.21/src/HttpHeader.cc =================================================================== --- squid-3.5.21.orig/src/HttpHeader.cc +++ squid-3.5.21/src/HttpHeader.cc @@ -1535,7 +1535,7 @@ HttpHeader::getAuth(http_hdr_type id, co static char decodedAuthToken[8192]; struct base64_decode_ctx ctx; base64_decode_init(&ctx); - unsigned int decodedLen = 0; + unsigned int decodedLen = 8190; if (!base64_decode_update(&ctx, &decodedLen, reinterpret_cast<uint8_t*>(decodedAuthToken), strlen(field), reinterpret_cast<const uint8_t*>(field)) || !base64_decode_final(&ctx)) { return NULL; Index: squid-3.5.21/src/auth/basic/Config.cc =================================================================== --- squid-3.5.21.orig/src/auth/basic/Config.cc +++ squid-3.5.21/src/auth/basic/Config.cc @@ -173,7 +173,7 @@ Auth::Basic::Config::decodeCleartext(con struct base64_decode_ctx ctx; base64_decode_init(&ctx); - unsigned int dstLen = 0; + unsigned int dstLen = BASE64_DECODE_LENGTH(srcLen)+1; if (base64_decode_update(&ctx, &dstLen, reinterpret_cast<uint8_t*>(cleartext), srcLen, (const uint8_t*)eek) && base64_decode_final(&ctx)) { cleartext[dstLen] = '\0';
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor