Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP5:GA
squid
SQUID-2023_3.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File SQUID-2023_3.patch of Package squid
From dc0e10bec3334053c1a5297e50dd7052ea18aef0 Mon Sep 17 00:00:00 2001 From: Alex Bason <nonsleepr@gmail.com> Date: Sun, 15 Oct 2023 13:04:47 +0000 Subject: [PATCH] Fix stack buffer overflow when parsing Digest Authorization (#1517) The bug was discovered and detailed by Joshua Rogers at https://megamansec.github.io/Squid-Security-Audit/digest-overflow.html where it was filed as "Stack Buffer Overflow in Digest Authentication". --- src/auth/digest/Config.cc | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/auth/digest/Config.cc b/src/auth/digest/Config.cc index f00e2ba68..3c070d242 100644 --- a/src/auth/digest/Config.cc +++ b/src/auth/digest/Config.cc @@ -827,11 +827,15 @@ Auth::Digest::Config::decode(char const *proxy_auth, const HttpRequest *request, break; case DIGEST_NC: - if (value.size() != 8) { + if (value.size() == 8) { + // for historical reasons, the nc value MUST be exactly 8 bytes + static_assert(sizeof(digest_request->nc) == 8 + 1); + xstrncpy(digest_request->nc, value.rawBuf(), value.size() + 1); + debugs(29, 9, "Found noncecount '" << digest_request->nc << "'"); + } else { debugs(29, 9, "Invalid nc '" << value << "' in '" << temp << "'"); + digest_request->nc[0] = 0; } - xstrncpy(digest_request->nc, value.rawBuf(), value.size() + 1); - debugs(29, 9, "Found noncecount '" << digest_request->nc << "'"); break; case DIGEST_CNONCE: -- 2.25.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor