Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:Update
squid
SQUID-2023_3.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File SQUID-2023_3.patch of Package squid
From dc0e10bec3334053c1a5297e50dd7052ea18aef0 Mon Sep 17 00:00:00 2001 From: Alex Bason <nonsleepr@gmail.com> Date: Sun, 15 Oct 2023 13:04:47 +0000 Subject: [PATCH] Fix stack buffer overflow when parsing Digest Authorization (#1517) The bug was discovered and detailed by Joshua Rogers at https://megamansec.github.io/Squid-Security-Audit/digest-overflow.html where it was filed as "Stack Buffer Overflow in Digest Authentication". --- src/auth/digest/Config.cc | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) Index: squid-3.5.21/src/auth/digest/Config.cc =================================================================== --- squid-3.5.21.orig/src/auth/digest/Config.cc +++ squid-3.5.21/src/auth/digest/Config.cc @@ -858,11 +858,15 @@ Auth::Digest::Config::decode(char const break; case DIGEST_NC: - if (value.size() != 8) { + if (value.size() == 8) { + // for historical reasons, the nc value MUST be exactly 8 bytes + // [FAILS on SLE-12] static_assert(sizeof(digest_request->nc) == 8 + 1); + xstrncpy(digest_request->nc, value.rawBuf(), value.size() + 1); + debugs(29, 9, "Found noncecount '" << digest_request->nc << "'"); + } else { debugs(29, 9, "Invalid nc '" << value << "' in '" << temp << "'"); + digest_request->nc[0] = 0; } - xstrncpy(digest_request->nc, value.rawBuf(), value.size() + 1); - debugs(29, 9, "Found noncecount '" << digest_request->nc << "'"); break; case DIGEST_CNONCE:
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor