Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP4:GA
squid.31747
SQUID-2019_3.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File SQUID-2019_3.patch of Package squid.31747
commit ec0d0f39cf28da14eead0ba5e777e95855bc2f67 Author: Amos Jeffries <yadij@users.noreply.github.com> Date: 2019-06-08 21:09:23 +0000 Fix Digest auth parameter parsing (#415) Only remove quoting if the domain=, uri= or qop= parameter value is surrounded by double-quotes. diff --git a/src/auth/digest/Config.cc b/src/auth/digest/Config.cc index 674dd93..d2cd2e9 100644 --- a/src/auth/digest/Config.cc +++ b/src/auth/digest/Config.cc @@ -781,14 +781,14 @@ Auth::Digest::Config::decode(char const *proxy_auth, const char *aRequestRealm) if (keyName == SBuf("domain",6) || keyName == SBuf("uri",3)) { // domain is Special. Not a quoted-string, must not be de-quoted. But is wrapped in '"' // BUG 3077: uri= can also be sent to us in a mangled (invalid!) form like domain - if (*p == '"' && *(p + vlen -1) == '"') { + if (vlen > 1 && *p == '"' && *(p + vlen -1) == '"') { value.limitInit(p+1, vlen-2); } } else if (keyName == SBuf("qop",3)) { // qop is more special. // On request this must not be quoted-string de-quoted. But is several values wrapped in '"' // On response this is a single un-quoted token. - if (*p == '"' && *(p + vlen -1) == '"') { + if (vlen > 1 && *p == '"' && *(p + vlen -1) == '"') { value.limitInit(p+1, vlen-2); } else { value.limitInit(p, vlen);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor