File squid:bsc_949942:CVE-2014-9749.patch of Package squid.4108
Index: squid-3.3.13/src/auth/digest/UserRequest.cc
===================================================================
--- squid-3.3.13.orig/src/auth/digest/UserRequest.cc
+++ squid-3.3.13/src/auth/digest/UserRequest.cc
@@ -152,10 +152,13 @@ Auth::Digest::UserRequest::authenticate(
 }
 /* check for stale nonce */
- if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc)) {
- debugs(29, 3, "user '" << auth_user->username() << "' validated OK but nonce stale");
- auth_user->credentials(Auth::Failed);
- digest_request->setDenyMessage("Stale nonce");
+ /* check Auth::Pending to avoid loop */
+ if ((!authDigestNonceIsValid(digest_request->nonce, digest_request->nc) || authDigestNonceIsStale(nonce)) && ( user()->credentials() != Auth::Pending )) {
+ debugs(29, 3, HERE << auth_user->username() << "' validated OK but nonce stale: " << digest_request->nonceb64);
+ /* Pending prevent banner and makes a ldap control */
+ auth_user->credentials(Auth::Pending);
+ nonce->flags.valid = false;
+ authDigestNoncePurge(nonce);
 return;
 }
Index: squid-3.3.13/src/auth/digest/auth_digest.cc
===================================================================
--- squid-3.3.13.orig/src/auth/digest/auth_digest.cc
+++ squid-3.3.13/src/auth/digest/auth_digest.cc
@@ -105,7 +105,6 @@ static digest_nonce_h *authenticateDiges
 static digest_nonce_h *authenticateDigestNonceNew(void);
 static void authenticateDigestNonceDelete(digest_nonce_h * nonce);
 static void authenticateDigestNonceSetup(void);
-static int authDigestNonceIsStale(digest_nonce_h * nonce);
 static void authDigestNonceEncode(digest_nonce_h * nonce);
 static void authDigestNonceLink(digest_nonce_h * nonce);
 #if NOT_USED
@@ -400,7 +399,7 @@ authDigestNonceIsValid(digest_nonce_h *
 return -1;
 }
-static int
+int
 authDigestNonceIsStale(digest_nonce_h * nonce)
 {
 /* do we have a nonce ? */
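Review bot: The body of the new `if` in the UserRequest.cc hunk dereferences `nonce` (`nonce->flags.valid = false;`) on a path that is also taken when `authDigestNonceIsStale(nonce)` returns -1 for a missing nonce, so it is only safe if an earlier check in `authenticate()`, outside this hunk, has already rejected a null nonce; the condition also mixes `digest_request->nonce` and `nonce`, which presumably name the same object. I would use one spelling throughout and, once the earlier check is confirmed, add a comment such as `/* nonce is non-NULL here: rejected above */`. The `!= Auth::Pending` guard lets a request whose credentials are already Pending skip the stale-nonce check entirely, and the code that runs afterwards is not visible here, so the `/* check Auth::Pending to avoid loop */` comment should state why that cannot lead to an expired nonce being accepted. The new `debugs` line also dropped the opening `"user '"` and now logs an unbalanced quote after the username.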
@@ -408,6 +407,10 @@ authDigestNonceIsStale(digest_nonce_h *
 if (!nonce)
 return -1;
+ /* Is it already invalidated? */
+ if (!nonce->flags.valid)
+ return -1;
+
 /* has it's max duration expired? */
 if (nonce->noncedata.creationtime + static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest"))->noncemaxduration < current_time.tv_sec) {
 debugs(29, 4, "authDigestNonceIsStale: Nonce is too old. " <<
Index: squid-3.3.13/src/auth/digest/auth_digest.h
===================================================================
--- squid-3.3.13.orig/src/auth/digest/auth_digest.h
+++ squid-3.3.13/src/auth/digest/auth_digest.h
@@ -52,6 +52,7 @@ struct _digest_nonce_h : public hash_lin
 void authDigestNonceUnlink(digest_nonce_h * nonce);
 int authDigestNonceIsValid(digest_nonce_h * nonce, char nc[9]);
+int authDigestNonceIsStale(digest_nonce_h * nonce);
 const char *authenticateDigestNonceNonceb64(const digest_nonce_h * nonce);
 int authDigestNonceLastRequest(digest_nonce_h * nonce);
 void authenticateDigestNonceShutdown(void);
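Review bot: The new early return in `authDigestNonceIsStale` is silent, whereas the expiry branch just below it logs at level 4, so a nonce rejected because it was already invalidated leaves no trace in the debug log. Adding `debugs(29, 4, "authDigestNonceIsStale: Nonce already invalidated");` before that `return -1;` would keep purged nonces distinguishable from expired ones when reviewing authentication failures. The function now returns -1 both for a missing nonce and for an invalidated one, and this patch exports it through auth_digest.h and uses the result as a boolean in UserRequest.cc, so the declaration deserves a comment stating that any non-zero result means the nonce must not be accepted. The function body continues past the end of this hunk.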