File nonce-replay.patch of Package squid
Fix Nonce replay vulnerability in Digest authentication fixed in version 3.5.2 (CVE-2014-9749, bsc#949942) === modified file 'src/auth/digest/Config.cc' Index: src/auth/digest/UserRequest.cc =================================================================== --- src/auth/digest/UserRequest.cc.orig +++ src/auth/digest/UserRequest.cc @@ -166,10 +166,6 @@ Auth::Digest::UserRequest::authenticate( /* password was checked and did match */ debugs(29, 4, HERE << "user '" << auth_user->username() << "' validated OK"); - - /* auth_user is now linked, we reset these values - * after external auth occurs anyway */ - auth_user->expiretime = current_time.tv_sec; return; } Index: src/auth/digest/auth_digest.cc =================================================================== --- src/auth/digest/auth_digest.cc.orig +++ src/auth/digest/auth_digest.cc @@ -1078,6 +1078,10 @@ Auth::Digest::Config::decode(char const * the user agent won't change user name without warning. */ authDigestUserLinkNonce(digest_user, nonce); + + /* auth_user is now linked, we reset these values + * after external auth occurs anyway */ + auth_user->expiretime = current_time.tv_sec; } else { debugs(29, 9, HERE << "Found user '" << username << "' in the user cache as '" << auth_user << "'"); digest_user = static_cast<Auth::Digest::User *>(auth_user.getRaw()); Index: src/auth/Config.cc =================================================================== --- src/auth/Config.cc.orig +++ src/auth/Config.cc @@ -36,6 +36,8 @@ #include "auth/UserRequest.h" #include "Debug.h" #include "globals.h" +#include "SquidConfig.h" +#include "SquidTime.h" Auth::ConfigVector Auth::TheConfig; 
@@ -87,7 +89,8 @@ Auth::Config::findUserInCache(const char if (nameKey && (usernamehash = static_cast<AuthUserHashPointer *>(hash_lookup(proxy_auth_username_cache, nameKey)))) { while (usernamehash) { if ((usernamehash->user()->auth_type == authType) && - !strcmp(nameKey, (char const *)usernamehash->key)) + !strcmp(nameKey, (char const *)usernamehash->key) && + usernamehash->user()->expiretime + ::Config.authenticateTTL > current_time.tv_sec) return usernamehash->user(); usernamehash = static_cast<AuthUserHashPointer *>(usernamehash->next);
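Review bot: In the src/auth/digest/UserRequest.cc hunk (@@ -166,10 +166,6), removing `auth_user->expiretime = current_time.tv_sec;` from the "validated OK" path means a successful password check no longer refreshes the timestamp. As far as these hunks show, the only remaining write is in the new-user branch of decode(), so with the TTL test added to findUserInCache() an entry is measured from when it was linked, not from its last successful use. Nothing at this spot says that is deliberate; a one-line comment stating that expiretime is intentionally left untouched after validation would keep the assignment from being restored later.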
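Review bot: In the src/auth/digest/auth_digest.cc hunk (@@ -1078,6 +1078,10), the added assignment writes through `auth_user` while the line just above it operates on `digest_user`, and the else branch shows `digest_user` being derived from `auth_user`. Please confirm that `auth_user` already refers to the newly created user at this point in the new-user branch, or set `digest_user->expiretime` instead. The comment was moved verbatim from UserRequest.cc and no longer fits: no credential check has run yet in decode(), and "these values" is followed by a single assignment. Suggest rewording it to say the timestamp records when the cache entry was created so that findUserInCache() can expire it.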
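Review bot: In the findUserInCache() hunk of src/auth/Config.cc (@@ -87,7 +89,8), the new `expiretime + ::Config.authenticateTTL > current_time.tv_sec` test makes the loop skip an expired entry but leaves it in proxy_auth_username_cache, so the caller gets a cache miss while the stale entry is still hashed under the same key. Please add a comment saying why an expired user is treated as not found, and say where the stale entry is removed, since the caller may insert a fresh user for the same name next to it. The condition now spans three lines with an unbraced `return`; bracing the body would make the extent of the if unambiguous.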