Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
squid
CVE-2014-9749-WIP.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2014-9749-WIP.patch of Package squid
Index: squid-3.3.13/src/auth/digest/UserRequest.cc =================================================================== --- squid-3.3.13.orig/src/auth/digest/UserRequest.cc +++ squid-3.3.13/src/auth/digest/UserRequest.cc @@ -152,10 +152,13 @@ Auth::Digest::UserRequest::authenticate( } /* check for stale nonce */ - if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc)) { - debugs(29, 3, "user '" << auth_user->username() << "' validated OK but nonce stale"); - auth_user->credentials(Auth::Failed); - digest_request->setDenyMessage("Stale nonce"); + /* check Auth::Pending to avoid loop */ + if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc) && user()->credentials() != Auth::Pending) { + debugs(29, 3, auth_user->username() << "' validated OK but nonce stale: " << digest_request->nonceb64); + /* Pending prevent banner and makes a ldap control */ + auth_user->credentials(Auth::Pending); + nonce->flags.valid = false; + authDigestNoncePurge(nonce); return; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor