2019-07-18 16:14:00 +02:00
|
|
|
Author: Adam Majer <amajer@suse.de>
|
|
|
|
Date: Thu Jul 18 13:57:22 CEST 2019
|
|
|
|
|
|
|
|
nettle from SLE-12 is missing the change from later
|
|
|
|
versions that ignores the destLen parameter size to
|
|
|
|
base64_decode_update function. This is only used in
|
|
|
|
the assert() but we need to pass real size of the buffer
|
|
|
|
as otherwise all we get is a crash.
|
|
|
|
|
|
|
|
The missing commit in nettle is,
|
|
|
|
commit 07cb0b62a5fab216ed647f5a87e0f17ab3c9a615
|
|
|
|
Author: Niels Möller <nisse@lysator.liu.se>
|
|
|
|
Date: Fri Feb 7 09:11:20 2014 +0100
|
|
|
|
|
|
|
|
Base64 and base16 decoding: Use *dst_length as output only.
|
|
|
|
|
|
|
|
|
2022-03-29 14:30:01 +02:00
|
|
|
Index: squid-5.4.1/src/HttpHeader.cc
|
2019-07-18 16:14:00 +02:00
|
|
|
===================================================================
|
2022-03-29 14:30:01 +02:00
|
|
|
--- squid-5.4.1.orig/src/HttpHeader.cc
|
|
|
|
+++ squid-5.4.1/src/HttpHeader.cc
|
|
|
|
@@ -1351,8 +1351,8 @@ HttpHeader::getAuthToken(Http::HdrType i
|
2019-07-18 16:27:06 +02:00
|
|
|
char *decodedAuthToken = result.rawAppendStart(BASE64_DECODE_LENGTH(fieldLen));
|
|
|
|
struct base64_decode_ctx ctx;
|
|
|
|
base64_decode_init(&ctx);
|
|
|
|
- size_t decodedLen = 0;
|
2019-08-07 10:32:10 +02:00
|
|
|
- if (!base64_decode_update(&ctx, &decodedLen, reinterpret_cast<uint8_t*>(decodedAuthToken), fieldLen, field) ||
|
|
|
|
+ unsigned decodedLen = BASE64_DECODE_LENGTH(fieldLen);
|
|
|
|
+ if (!base64_decode_update(&ctx, &decodedLen, reinterpret_cast<uint8_t*>(decodedAuthToken), fieldLen, (uint8_t*)field) ||
|
2019-07-18 16:27:06 +02:00
|
|
|
!base64_decode_final(&ctx)) {
|
|
|
|
return nil;
|
2019-08-07 10:32:10 +02:00
|
|
|
}
|
2022-03-29 14:30:01 +02:00
|
|
|
Index: squid-5.4.1/src/auth/basic/Config.cc
|
2019-07-18 16:27:06 +02:00
|
|
|
===================================================================
|
2022-03-29 14:30:01 +02:00
|
|
|
--- squid-5.4.1.orig/src/auth/basic/Config.cc
|
|
|
|
+++ squid-5.4.1/src/auth/basic/Config.cc
|
|
|
|
@@ -178,8 +178,8 @@ Auth::Basic::Config::decodeCleartext(con
|
2019-07-18 16:27:06 +02:00
|
|
|
struct base64_decode_ctx ctx;
|
|
|
|
base64_decode_init(&ctx);
|
|
|
|
|
|
|
|
- size_t dstLen = 0;
|
2019-08-07 10:32:10 +02:00
|
|
|
- if (base64_decode_update(&ctx, &dstLen, reinterpret_cast<uint8_t*>(cleartext), srcLen, eek) && base64_decode_final(&ctx)) {
|
|
|
|
+ unsigned int dstLen = BASE64_DECODE_LENGTH(srcLen)+1;
|
|
|
|
+ if (base64_decode_update(&ctx, &dstLen, reinterpret_cast<uint8_t*>(cleartext), srcLen, (const uint8_t*)eek) && base64_decode_final(&ctx)) {
|
2019-07-18 16:27:06 +02:00
|
|
|
cleartext[dstLen] = '\0';
|
|
|
|
|
2022-03-29 14:30:01 +02:00
|
|
|
if (utf8 && !isValidUtf8String(cleartext, cleartext + dstLen)) {
|
|
|
|
Index: squid-5.4.1/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc
|
2019-07-18 16:27:06 +02:00
|
|
|
===================================================================
|
2022-03-29 14:30:01 +02:00
|
|
|
--- squid-5.4.1.orig/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc
|
|
|
|
+++ squid-5.4.1/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc
|
2019-07-18 16:27:06 +02:00
|
|
|
@@ -131,6 +131,7 @@ token_decode(size_t *decodedLen, uint8_t
|
|
|
|
{
|
|
|
|
struct base64_decode_ctx ctx;
|
|
|
|
base64_decode_init(&ctx);
|
|
|
|
+ *decodedLen = BASE64_DECODE_LENGTH(strlen(srcLen));
|
2022-03-29 14:30:01 +02:00
|
|
|
if (!base64_decode_update(&ctx, decodedLen, decoded, strlen(buf), buf) ||
|
2019-07-18 16:27:06 +02:00
|
|
|
!base64_decode_final(&ctx)) {
|
|
|
|
SEND("BH base64 decode failed");
|
2022-03-29 14:30:01 +02:00
|
|
|
Index: squid-5.4.1/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc
|
2019-07-18 16:27:06 +02:00
|
|
|
===================================================================
|
2022-03-29 14:30:01 +02:00
|
|
|
--- squid-5.4.1.orig/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc
|
|
|
|
+++ squid-5.4.1/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc
|
2019-08-07 10:32:10 +02:00
|
|
|
@@ -681,8 +681,8 @@ main(int argc, char *const argv[])
|
2019-07-18 16:14:00 +02:00
|
|
|
|
|
|
|
struct base64_decode_ctx ctx;
|
|
|
|
base64_decode_init(&ctx);
|
2019-07-18 16:27:06 +02:00
|
|
|
- size_t dstLen = 0;
|
2019-08-07 10:32:10 +02:00
|
|
|
- if (!base64_decode_update(&ctx, &dstLen, static_cast<uint8_t*>(input_token.value), srcLen, b64Token) ||
|
|
|
|
+ unsigned dstLen = BASE64_DECODE_LENGTH(srcLen);
|
|
|
|
+ if (!base64_decode_update(&ctx, &dstLen, static_cast<uint8_t*>(input_token.value), srcLen, (const uint8_t*)b64Token) ||
|
2019-07-18 16:14:00 +02:00
|
|
|
!base64_decode_final(&ctx)) {
|
|
|
|
debug((char *) "%s| %s: ERROR: Invalid base64 token [%s]\n", LogTime(), PROGRAM, b64Token);
|
2019-08-07 10:32:10 +02:00
|
|
|
fprintf(stdout, "BH Invalid negotiate request token\n");
|
|
|
|
@@ -743,8 +743,8 @@ main(int argc, char *const argv[])
|
|
|
|
}
|
|
|
|
struct base64_encode_ctx tokCtx;
|
|
|
|
base64_encode_init(&tokCtx);
|
|
|
|
- size_t blen = base64_encode_update(&tokCtx, token, spnegoTokenLength, reinterpret_cast<const uint8_t*>(spnegoToken));
|
|
|
|
- blen += base64_encode_final(&tokCtx, token+blen);
|
|
|
|
+ size_t blen = base64_encode_update(&tokCtx, (uint8_t*)token, spnegoTokenLength, reinterpret_cast<const uint8_t*>(spnegoToken));
|
|
|
|
+ blen += base64_encode_final(&tokCtx, (uint8_t*)token+blen);
|
|
|
|
token[blen] = '\0';
|
|
|
|
|
|
|
|
if (check_gss_err(major_status, minor_status, "gss_accept_sec_context()", log, 1))
|
2022-03-29 14:30:01 +02:00
|
|
|
Index: squid-5.4.1/src/auth/negotiate/wrapper/negotiate_wrapper.cc
|
2019-07-18 16:14:00 +02:00
|
|
|
===================================================================
|
2022-03-29 14:30:01 +02:00
|
|
|
--- squid-5.4.1.orig/src/auth/negotiate/wrapper/negotiate_wrapper.cc
|
|
|
|
+++ squid-5.4.1/src/auth/negotiate/wrapper/negotiate_wrapper.cc
|
2019-08-07 10:32:10 +02:00
|
|
|
@@ -192,8 +192,8 @@ processingLoop(FILE *FDKIN, FILE *FDKOUT
|
2019-07-18 16:14:00 +02:00
|
|
|
|
|
|
|
struct base64_decode_ctx ctx;
|
|
|
|
base64_decode_init(&ctx);
|
2019-07-18 16:27:06 +02:00
|
|
|
- size_t dstLen = 0;
|
2019-08-07 10:32:10 +02:00
|
|
|
- if (!base64_decode_update(&ctx, &dstLen, token, strlen(buf+3), buf+3) ||
|
|
|
|
+ unsigned dstLen = length+1;
|
|
|
|
+ if (!base64_decode_update(&ctx, &dstLen, token, strlen(buf+3), (const uint8_t*)buf+3) ||
|
2019-07-18 16:14:00 +02:00
|
|
|
!base64_decode_final(&ctx)) {
|
2019-07-18 16:27:06 +02:00
|
|
|
if (debug_enabled)
|
2019-08-07 10:32:10 +02:00
|
|
|
fprintf(stderr, "%s| %s: Invalid base64 token [%s]\n", LogTime(), PROGRAM, buf+3);
|
2022-03-29 14:30:01 +02:00
|
|
|
Index: squid-5.4.1/src/auth/ntlm/SMB_LM/ntlm_smb_lm_auth.cc
|
2019-07-18 16:14:00 +02:00
|
|
|
===================================================================
|
2022-03-29 14:30:01 +02:00
|
|
|
--- squid-5.4.1.orig/src/auth/ntlm/SMB_LM/ntlm_smb_lm_auth.cc
|
|
|
|
+++ squid-5.4.1/src/auth/ntlm/SMB_LM/ntlm_smb_lm_auth.cc
|
2019-08-07 10:32:10 +02:00
|
|
|
@@ -203,8 +203,8 @@ make_challenge(char *domain, char *domai
|
|
|
|
|
|
|
|
struct base64_encode_ctx ctx;
|
|
|
|
base64_encode_init(&ctx);
|
|
|
|
- size_t blen = base64_encode_update(&ctx, b64buf, len, reinterpret_cast<const uint8_t *>(&chal));
|
|
|
|
- blen += base64_encode_final(&ctx, b64buf+blen);
|
|
|
|
+ size_t blen = base64_encode_update(&ctx, (uint8_t*)b64buf, len, reinterpret_cast<const uint8_t *>(&chal));
|
|
|
|
+ blen += base64_encode_final(&ctx, (uint8_t*)b64buf+blen);
|
|
|
|
b64buf[blen] = '\0';
|
|
|
|
return b64buf;
|
|
|
|
}
|
|
|
|
@@ -516,9 +516,9 @@ manage_request()
|
|
|
|
/* figure out what we got */
|
2019-07-18 16:14:00 +02:00
|
|
|
struct base64_decode_ctx ctx;
|
|
|
|
base64_decode_init(&ctx);
|
2019-08-07 10:32:10 +02:00
|
|
|
- size_t dstLen = 0;
|
|
|
|
+ unsigned dstLen = NTLM_BLOB_BUFFER_SIZE;
|
|
|
|
int decodedLen = 0;
|
|
|
|
- if (!base64_decode_update(&ctx, &dstLen, reinterpret_cast<uint8_t*>(decoded), strlen(buf)-3, buf+3) ||
|
|
|
|
+ if (!base64_decode_update(&ctx, &dstLen, reinterpret_cast<uint8_t*>(decoded), strlen(buf)-3, (const uint8_t*)buf+3) ||
|
2019-07-18 16:14:00 +02:00
|
|
|
!base64_decode_final(&ctx)) {
|
2019-07-18 16:27:06 +02:00
|
|
|
SEND("NA Packet format error, couldn't base64-decode");
|
2019-08-07 10:32:10 +02:00
|
|
|
return;
|
2022-03-29 14:30:01 +02:00
|
|
|
Index: squid-5.4.1/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc
|
2019-07-18 16:14:00 +02:00
|
|
|
===================================================================
|
2022-03-29 14:30:01 +02:00
|
|
|
--- squid-5.4.1.orig/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc
|
|
|
|
+++ squid-5.4.1/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc
|
2019-07-18 16:27:06 +02:00
|
|
|
@@ -418,6 +418,7 @@ token_decode(size_t *decodedLen, uint8_t
|
|
|
|
{
|
2019-07-18 16:14:00 +02:00
|
|
|
struct base64_decode_ctx ctx;
|
|
|
|
base64_decode_init(&ctx);
|
2019-07-18 16:27:06 +02:00
|
|
|
+ *decodedLen = BASE64_DECODE_LENGTH(strlen(buf))+1;
|
2022-03-29 14:30:01 +02:00
|
|
|
if (!base64_decode_update(&ctx, decodedLen, decoded, strlen(buf), buf) ||
|
2019-07-18 16:14:00 +02:00
|
|
|
!base64_decode_final(&ctx)) {
|
2019-07-18 16:27:06 +02:00
|
|
|
SEND_BH("message=\"base64 decode failed\"");
|
2022-03-29 14:30:01 +02:00
|
|
|
Index: squid-5.4.1/src/auth/ntlm/fake/ntlm_fake_auth.cc
|
2019-07-18 16:27:06 +02:00
|
|
|
===================================================================
|
2022-03-29 14:30:01 +02:00
|
|
|
--- squid-5.4.1.orig/src/auth/ntlm/fake/ntlm_fake_auth.cc
|
|
|
|
+++ squid-5.4.1/src/auth/ntlm/fake/ntlm_fake_auth.cc
|
|
|
|
@@ -164,9 +164,9 @@ main(int argc, char *argv[])
|
2019-07-18 16:27:06 +02:00
|
|
|
ntlmhdr *packet;
|
|
|
|
struct base64_decode_ctx ctx;
|
|
|
|
base64_decode_init(&ctx);
|
|
|
|
- size_t dstLen = 0;
|
2019-08-07 10:32:10 +02:00
|
|
|
+ unsigned dstLen = HELPER_INPUT_BUFFER;
|
2019-07-18 16:27:06 +02:00
|
|
|
if (buflen > 3 &&
|
2019-08-07 10:32:10 +02:00
|
|
|
- base64_decode_update(&ctx, &dstLen, decodedBuf, buflen-3, buf+3) &&
|
|
|
|
+ base64_decode_update(&ctx, &dstLen, decodedBuf, buflen-3, (const uint8_t*)buf+3) &&
|
2019-07-18 16:27:06 +02:00
|
|
|
base64_decode_final(&ctx)) {
|
2019-08-07 10:32:10 +02:00
|
|
|
decodedLen = dstLen;
|
|
|
|
packet = (ntlmhdr*)decodedBuf;
|
2022-03-29 14:30:01 +02:00
|
|
|
@@ -205,8 +205,8 @@ main(int argc, char *argv[])
|
2019-08-07 10:32:10 +02:00
|
|
|
struct base64_encode_ctx eCtx;
|
|
|
|
base64_encode_init(&eCtx);
|
|
|
|
char *data = static_cast<char *>(xcalloc(base64_encode_len(len), 1));
|
|
|
|
- size_t blen = base64_encode_update(&eCtx, data, len, reinterpret_cast<const uint8_t *>(&chal));
|
|
|
|
- blen += base64_encode_final(&eCtx, data+blen);
|
|
|
|
+ size_t blen = base64_encode_update(&eCtx, (uint8_t*)data, len, reinterpret_cast<const uint8_t *>(&chal));
|
|
|
|
+ blen += base64_encode_final(&eCtx, (uint8_t*)data+blen);
|
|
|
|
if (NTLM_packet_debug_enabled) {
|
|
|
|
printf("TT %.*s\n", (int)blen, data);
|
|
|
|
debug("sending 'TT' to squid with data:\n");
|
2022-03-29 14:30:01 +02:00
|
|
|
Index: squid-5.4.1/tools/cachemgr.cc
|
2019-07-18 16:14:00 +02:00
|
|
|
===================================================================
|
2022-03-29 14:30:01 +02:00
|
|
|
--- squid-5.4.1.orig/tools/cachemgr.cc
|
|
|
|
+++ squid-5.4.1/tools/cachemgr.cc
|
|
|
|
@@ -1110,8 +1110,8 @@ make_pub_auth(cachemgr_request * req)
|
2019-08-07 10:32:10 +02:00
|
|
|
req->pub_auth = (char *) xmalloc(encodedLen);
|
|
|
|
struct base64_encode_ctx ctx;
|
|
|
|
base64_encode_init(&ctx);
|
|
|
|
- size_t blen = base64_encode_update(&ctx, req->pub_auth, bufLen, reinterpret_cast<uint8_t*>(buf));
|
|
|
|
- blen += base64_encode_final(&ctx, req->pub_auth + blen);
|
|
|
|
+ size_t blen = base64_encode_update(&ctx, (uint8_t*)req->pub_auth, bufLen, reinterpret_cast<uint8_t*>(buf));
|
|
|
|
+ blen += base64_encode_final(&ctx, (uint8_t*)req->pub_auth + blen);
|
|
|
|
req->pub_auth[blen] = '\0';
|
|
|
|
debug("cmgr: encoded: '%s'\n", req->pub_auth);
|
|
|
|
}
|
2022-03-29 14:30:01 +02:00
|
|
|
@@ -1131,8 +1131,8 @@ decode_pub_auth(cachemgr_request * req)
|
2019-07-18 16:27:06 +02:00
|
|
|
char *buf = static_cast<char*>(xmalloc(BASE64_DECODE_LENGTH(strlen(req->pub_auth))+1));
|
2019-07-18 16:14:00 +02:00
|
|
|
struct base64_decode_ctx ctx;
|
|
|
|
base64_decode_init(&ctx);
|
2019-07-18 16:27:06 +02:00
|
|
|
- size_t decodedLen = 0;
|
2019-08-07 10:32:10 +02:00
|
|
|
- if (!base64_decode_update(&ctx, &decodedLen, reinterpret_cast<uint8_t*>(buf), strlen(req->pub_auth), req->pub_auth) ||
|
|
|
|
+ unsigned decodedLen = BASE64_DECODE_LENGTH(strlen(req->pub_auth))+1;
|
|
|
|
+ if (!base64_decode_update(&ctx, &decodedLen, reinterpret_cast<uint8_t*>(buf), strlen(req->pub_auth), (uint8_t*)req->pub_auth) ||
|
2019-07-18 16:27:06 +02:00
|
|
|
!base64_decode_final(&ctx)) {
|
|
|
|
debug("cmgr: base64 decode failure. Incomplete auth token string.\n");
|
2019-08-07 10:32:10 +02:00
|
|
|
xfree(buf);
|
2022-03-29 14:30:01 +02:00
|
|
|
@@ -1225,8 +1225,8 @@ make_auth_header(const cachemgr_request
|
2019-08-07 10:32:10 +02:00
|
|
|
char *str64 = static_cast<char *>(xmalloc(encodedLen));
|
|
|
|
struct base64_encode_ctx ctx;
|
|
|
|
base64_encode_init(&ctx);
|
|
|
|
- size_t blen = base64_encode_update(&ctx, str64, bufLen, reinterpret_cast<uint8_t*>(buf));
|
|
|
|
- blen += base64_encode_final(&ctx, str64+blen);
|
|
|
|
+ size_t blen = base64_encode_update(&ctx, (uint8_t*)str64, bufLen, reinterpret_cast<uint8_t*>(buf));
|
|
|
|
+ blen += base64_encode_final(&ctx, (uint8_t*)str64+blen);
|
|
|
|
str64[blen] = '\0';
|
|
|
|
|
|
|
|
stringLength += snprintf(buf, sizeof(buf), "Authorization: Basic %.*s\r\n", (int)blen, str64);
|
2022-03-29 14:30:01 +02:00
|
|
|
Index: squid-5.4.1/include/base64.h
|
2019-08-06 15:19:25 +02:00
|
|
|
===================================================================
|
2022-03-29 14:30:01 +02:00
|
|
|
--- squid-5.4.1.orig/include/base64.h
|
|
|
|
+++ squid-5.4.1/include/base64.h
|
2019-08-06 15:19:25 +02:00
|
|
|
@@ -9,11 +9,11 @@
|
|
|
|
#ifndef _SQUID_BASE64_H
|
|
|
|
#define _SQUID_BASE64_H
|
|
|
|
|
|
|
|
-#if HAVE_NETTLE_BASE64_H && HAVE_NETTLE34_BASE64
|
2019-11-08 17:23:28 +01:00
|
|
|
+#if HAVE_NETTLE_BASE64_H
|
2019-08-06 15:19:25 +02:00
|
|
|
#include <nettle/base64.h>
|
|
|
|
|
|
|
|
#else /* Base64 functions copied from Nettle 3.4 under GPLv2, with adjustments */
|
|
|
|
-
|
|
|
|
+#error "Mssing libnettle-devel"
|
|
|
|
/* base64.h
|
|
|
|
|
|
|
|
Base-64 encoding and decoding.
|
2022-03-29 14:30:01 +02:00
|
|
|
Index: squid-5.4.1/lib/base64.c
|
2019-08-06 15:31:27 +02:00
|
|
|
===================================================================
|
2022-03-29 14:30:01 +02:00
|
|
|
--- squid-5.4.1.orig/lib/base64.c
|
|
|
|
+++ squid-5.4.1/lib/base64.c
|
2019-08-06 15:31:27 +02:00
|
|
|
@@ -13,7 +13,7 @@
|
|
|
|
#include "squid.h"
|
|
|
|
#include "base64.h"
|
|
|
|
|
|
|
|
-#if !HAVE_NETTLE_BASE64_H || !HAVE_NETTLE34_BASE64
|
|
|
|
+#if !HAVE_NETTLE_BASE64_H
|
|
|
|
|
|
|
|
/* base64-encode.c
|
|
|
|
|
2022-03-29 14:30:01 +02:00
|
|
|
Index: squid-5.4.1/src/format/Format.cc
|
2019-08-07 10:32:10 +02:00
|
|
|
===================================================================
|
2022-03-29 14:30:01 +02:00
|
|
|
--- squid-5.4.1.orig/src/format/Format.cc
|
|
|
|
+++ squid-5.4.1/src/format/Format.cc
|
|
|
|
@@ -556,8 +556,8 @@ Format::Format::assemble(MemBuf &mb, con
|
2019-08-07 10:32:10 +02:00
|
|
|
|
|
|
|
struct base64_encode_ctx ctx;
|
|
|
|
base64_encode_init(&ctx);
|
|
|
|
- auto encLength = base64_encode_update(&ctx, buf, rawLength, reinterpret_cast<const uint8_t*>(handshake.rawContent()));
|
|
|
|
- encLength += base64_encode_final(&ctx, buf + encLength);
|
|
|
|
+ auto encLength = base64_encode_update(&ctx, (uint8_t*)buf, rawLength, reinterpret_cast<const uint8_t*>(handshake.rawContent()));
|
|
|
|
+ encLength += base64_encode_final(&ctx, (uint8_t*)buf + encLength);
|
|
|
|
|
|
|
|
sb.rawAppendFinish(buf, encLength);
|
|
|
|
out = sb.c_str();
|
2022-03-29 14:30:01 +02:00
|
|
|
Index: squid-5.4.1/src/auth/negotiate/kerberos/negotiate_kerberos_auth_test.cc
|
2019-08-07 10:32:10 +02:00
|
|
|
===================================================================
|
2022-03-29 14:30:01 +02:00
|
|
|
--- squid-5.4.1.orig/src/auth/negotiate/kerberos/negotiate_kerberos_auth_test.cc
|
|
|
|
+++ squid-5.4.1/src/auth/negotiate/kerberos/negotiate_kerberos_auth_test.cc
|
2019-08-07 10:32:10 +02:00
|
|
|
@@ -203,8 +203,8 @@ squid_kerb_proxy_auth(char *proxy)
|
|
|
|
token = (char *) xcalloc(base64_encode_len(output_token.length), 1);
|
|
|
|
struct base64_encode_ctx ctx;
|
|
|
|
base64_encode_init(&ctx);
|
|
|
|
- size_t blen = base64_encode_update(&ctx, token, output_token.length, reinterpret_cast<const uint8_t*>(output_token.value));
|
|
|
|
- blen += base64_encode_final(&ctx, token+blen);
|
|
|
|
+ size_t blen = base64_encode_update(&ctx, (uint8_t*)token, output_token.length, reinterpret_cast<const uint8_t*>(output_token.value));
|
|
|
|
+ blen += base64_encode_final(&ctx, (uint8_t*)token+blen);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-03-29 14:30:01 +02:00
|
|
|
Index: squid-5.4.1/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc
|
2019-08-07 10:32:10 +02:00
|
|
|
===================================================================
|
2022-03-29 14:30:01 +02:00
|
|
|
--- squid-5.4.1.orig/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc
|
|
|
|
+++ squid-5.4.1/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc
|
2019-08-07 10:32:10 +02:00
|
|
|
@@ -245,8 +245,8 @@ getdomaingids(char *ad_groups, uint32_t
|
|
|
|
base64_encode_init(&ctx);
|
|
|
|
const uint32_t expectedSz = base64_encode_len(length+4) +1 /* terminator */;
|
|
|
|
char *b64buf = static_cast<char *>(xcalloc(expectedSz, 1));
|
|
|
|
- size_t blen = base64_encode_update(&ctx, b64buf, length+4, reinterpret_cast<uint8_t*>(ag));
|
|
|
|
- blen += base64_encode_final(&ctx, b64buf+blen);
|
|
|
|
+ size_t blen = base64_encode_update(&ctx, (uint8_t*)b64buf, length+4, reinterpret_cast<uint8_t*>(ag));
|
|
|
|
+ blen += base64_encode_final(&ctx, (uint8_t*)b64buf+blen);
|
|
|
|
b64buf[expectedSz-1] = '\0';
|
|
|
|
if (!pstrcat(ad_groups, b64buf)) {
|
|
|
|
debug((char *) "%s| %s: WARN: Too many groups ! size > %d : %s\n",
|
|
|
|
@@ -334,8 +334,8 @@ getextrasids(char *ad_groups, uint32_t E
|
|
|
|
base64_encode_init(&ctx);
|
|
|
|
const uint32_t expectedSz = base64_encode_len(length) +1 /* terminator */;
|
|
|
|
char *b64buf = static_cast<char *>(xcalloc(expectedSz, 1));
|
|
|
|
- size_t blen = base64_encode_update(&ctx, b64buf, length, reinterpret_cast<uint8_t*>(ag));
|
|
|
|
- blen += base64_encode_final(&ctx, b64buf+blen);
|
|
|
|
+ size_t blen = base64_encode_update(&ctx, (uint8_t*)b64buf, length, reinterpret_cast<uint8_t*>(ag));
|
|
|
|
+ blen += base64_encode_final(&ctx, (uint8_t*)b64buf+blen);
|
|
|
|
b64buf[expectedSz-1] = '\0';
|
|
|
|
if (!pstrcat(ad_groups, reinterpret_cast<char*>(b64buf))) {
|
|
|
|
debug((char *) "%s| %s: WARN: Too many groups ! size > %d : %s\n",
|
2022-03-29 14:30:01 +02:00
|
|
|
Index: squid-5.4.1/src/adaptation/icap/ModXact.cc
|
2019-08-07 10:32:10 +02:00
|
|
|
===================================================================
|
2022-03-29 14:30:01 +02:00
|
|
|
--- squid-5.4.1.orig/src/adaptation/icap/ModXact.cc
|
|
|
|
+++ squid-5.4.1/src/adaptation/icap/ModXact.cc
|
|
|
|
@@ -1412,10 +1412,10 @@ void Adaptation::Icap::ModXact::makeRequ
|
2019-08-07 10:32:10 +02:00
|
|
|
struct base64_encode_ctx ctx;
|
|
|
|
base64_encode_init(&ctx);
|
|
|
|
char base64buf[base64_encode_len(MAX_LOGIN_SZ)];
|
|
|
|
- size_t resultLen = base64_encode_update(&ctx, base64buf, request->extacl_user.size(), reinterpret_cast<const uint8_t*>(request->extacl_user.rawBuf()));
|
|
|
|
- resultLen += base64_encode_update(&ctx, base64buf+resultLen, 1, reinterpret_cast<const uint8_t*>(":"));
|
|
|
|
- resultLen += base64_encode_update(&ctx, base64buf+resultLen, request->extacl_passwd.size(), reinterpret_cast<const uint8_t*>(request->extacl_passwd.rawBuf()));
|
|
|
|
- resultLen += base64_encode_final(&ctx, base64buf+resultLen);
|
|
|
|
+ size_t resultLen = base64_encode_update(&ctx, (uint8_t*)base64buf, request->extacl_user.size(), reinterpret_cast<const uint8_t*>(request->extacl_user.rawBuf()));
|
|
|
|
+ resultLen += base64_encode_update(&ctx, (uint8_t*)base64buf+resultLen, 1, reinterpret_cast<const uint8_t*>(":"));
|
|
|
|
+ resultLen += base64_encode_update(&ctx, (uint8_t*)base64buf+resultLen, request->extacl_passwd.size(), reinterpret_cast<const uint8_t*>(request->extacl_passwd.rawBuf()));
|
|
|
|
+ resultLen += base64_encode_final(&ctx, (uint8_t*)base64buf+resultLen);
|
|
|
|
buf.appendf("Proxy-Authorization: Basic %.*s\r\n", (int)resultLen, base64buf);
|
|
|
|
}
|
|
|
|
|
2022-03-29 14:30:01 +02:00
|
|
|
@@ -1571,8 +1571,8 @@ void Adaptation::Icap::ModXact::makeUser
|
2019-08-07 10:32:10 +02:00
|
|
|
if (value) {
|
|
|
|
if (TheConfig.client_username_encode) {
|
|
|
|
char base64buf[base64_encode_len(MAX_LOGIN_SZ)];
|
|
|
|
- size_t resultLen = base64_encode_update(&ctx, base64buf, strlen(value), reinterpret_cast<const uint8_t*>(value));
|
|
|
|
- resultLen += base64_encode_final(&ctx, base64buf+resultLen);
|
|
|
|
+ size_t resultLen = base64_encode_update(&ctx, (uint8_t*)base64buf, strlen(value), reinterpret_cast<const uint8_t*>(value));
|
|
|
|
+ resultLen += base64_encode_final(&ctx, (uint8_t*)base64buf+resultLen);
|
|
|
|
buf.appendf("%s: %.*s\r\n", TheConfig.client_username_header, (int)resultLen, base64buf);
|
|
|
|
} else
|
|
|
|
buf.appendf("%s: %s\r\n", TheConfig.client_username_header, value);
|
2022-03-29 14:30:01 +02:00
|
|
|
Index: squid-5.4.1/src/http.cc
|
2019-08-07 10:32:10 +02:00
|
|
|
===================================================================
|
2022-03-29 14:30:01 +02:00
|
|
|
--- squid-5.4.1.orig/src/http.cc
|
|
|
|
+++ squid-5.4.1/src/http.cc
|
|
|
|
@@ -1807,9 +1807,9 @@ httpFixupAuthentication(HttpRequest * re
|
2019-08-07 10:32:10 +02:00
|
|
|
username = request->auth_user_request->username();
|
|
|
|
#endif
|
|
|
|
|
|
|
|
- blen = base64_encode_update(&ctx, loginbuf, strlen(username), reinterpret_cast<const uint8_t*>(username));
|
|
|
|
- blen += base64_encode_update(&ctx, loginbuf+blen, strlen(request->peer_login +1), reinterpret_cast<const uint8_t*>(request->peer_login +1));
|
|
|
|
- blen += base64_encode_final(&ctx, loginbuf+blen);
|
|
|
|
+ blen = base64_encode_update(&ctx, (uint8_t*)loginbuf, strlen(username), reinterpret_cast<const uint8_t*>(username));
|
|
|
|
+ blen += base64_encode_update(&ctx, (uint8_t*)loginbuf+blen, strlen(request->peer_login +1), reinterpret_cast<const uint8_t*>(request->peer_login +1));
|
|
|
|
+ blen += base64_encode_final(&ctx, (uint8_t*)loginbuf+blen);
|
|
|
|
httpHeaderPutStrf(hdr_out, header, "Basic %.*s", (int)blen, loginbuf);
|
|
|
|
return;
|
|
|
|
}
|
2022-03-29 14:30:01 +02:00
|
|
|
@@ -1819,10 +1819,10 @@ httpFixupAuthentication(HttpRequest * re
|
2019-08-07 10:32:10 +02:00
|
|
|
(strcmp(request->peer_login, "PASS") == 0 ||
|
|
|
|
strcmp(request->peer_login, "PROXYPASS") == 0)) {
|
|
|
|
|
|
|
|
- blen = base64_encode_update(&ctx, loginbuf, request->extacl_user.size(), reinterpret_cast<const uint8_t*>(request->extacl_user.rawBuf()));
|
|
|
|
- blen += base64_encode_update(&ctx, loginbuf+blen, 1, reinterpret_cast<const uint8_t*>(":"));
|
|
|
|
- blen += base64_encode_update(&ctx, loginbuf+blen, request->extacl_passwd.size(), reinterpret_cast<const uint8_t*>(request->extacl_passwd.rawBuf()));
|
|
|
|
- blen += base64_encode_final(&ctx, loginbuf+blen);
|
|
|
|
+ blen = base64_encode_update(&ctx, (uint8_t*)loginbuf, request->extacl_user.size(), reinterpret_cast<const uint8_t*>(request->extacl_user.rawBuf()));
|
|
|
|
+ blen += base64_encode_update(&ctx, (uint8_t*)loginbuf+blen, 1, reinterpret_cast<const uint8_t*>(":"));
|
|
|
|
+ blen += base64_encode_update(&ctx, (uint8_t*)loginbuf+blen, request->extacl_passwd.size(), reinterpret_cast<const uint8_t*>(request->extacl_passwd.rawBuf()));
|
|
|
|
+ blen += base64_encode_final(&ctx, (uint8_t*)loginbuf+blen);
|
|
|
|
httpHeaderPutStrf(hdr_out, header, "Basic %.*s", (int)blen, loginbuf);
|
|
|
|
return;
|
|
|
|
}
|
2022-03-29 14:30:01 +02:00
|
|
|
@@ -1851,8 +1851,8 @@ httpFixupAuthentication(HttpRequest * re
|
2019-08-07 10:32:10 +02:00
|
|
|
}
|
|
|
|
#endif /* HAVE_KRB5 && HAVE_GSSAPI */
|
|
|
|
|
|
|
|
- blen = base64_encode_update(&ctx, loginbuf, strlen(request->peer_login), reinterpret_cast<const uint8_t*>(request->peer_login));
|
|
|
|
- blen += base64_encode_final(&ctx, loginbuf+blen);
|
|
|
|
+ blen = base64_encode_update(&ctx, (uint8_t*)loginbuf, strlen(request->peer_login), reinterpret_cast<const uint8_t*>(request->peer_login));
|
|
|
|
+ blen += base64_encode_final(&ctx, (uint8_t*)loginbuf+blen);
|
|
|
|
httpHeaderPutStrf(hdr_out, header, "Basic %.*s", (int)blen, loginbuf);
|
|
|
|
return;
|
|
|
|
}
|
2022-03-29 14:30:01 +02:00
|
|
|
@@ -1979,8 +1979,8 @@ HttpStateData::httpBuildRequestHeader(Ht
|
2019-08-07 10:32:10 +02:00
|
|
|
static char result[base64_encode_len(MAX_URL*2)]; // should be big enough for a single URI segment
|
|
|
|
struct base64_encode_ctx ctx;
|
|
|
|
base64_encode_init(&ctx);
|
|
|
|
- size_t blen = base64_encode_update(&ctx, result, request->url.userInfo().length(), reinterpret_cast<const uint8_t*>(request->url.userInfo().rawContent()));
|
|
|
|
- blen += base64_encode_final(&ctx, result+blen);
|
|
|
|
+ size_t blen = base64_encode_update(&ctx, (uint8_t*)result, request->url.userInfo().length(), reinterpret_cast<const uint8_t*>(request->url.userInfo().rawContent()));
|
|
|
|
+ blen += base64_encode_final(&ctx, (uint8_t*)result+blen);
|
|
|
|
result[blen] = '\0';
|
|
|
|
if (blen)
|
|
|
|
httpHeaderPutStrf(hdr_out, Http::HdrType::AUTHORIZATION, "Basic %.*s", (int)blen, result);
|
2022-03-29 14:30:01 +02:00
|
|
|
Index: squid-5.4.1/src/peer_proxy_negotiate_auth.cc
|
2019-08-07 10:32:10 +02:00
|
|
|
===================================================================
|
2022-03-29 14:30:01 +02:00
|
|
|
--- squid-5.4.1.orig/src/peer_proxy_negotiate_auth.cc
|
|
|
|
+++ squid-5.4.1/src/peer_proxy_negotiate_auth.cc
|
2019-08-07 10:32:10 +02:00
|
|
|
@@ -562,8 +562,8 @@ char *peer_proxy_negotiate_auth(char *pr
|
|
|
|
static char b64buf[8192]; // XXX: 8KB only because base64_encode_bin() used to.
|
|
|
|
struct base64_encode_ctx ctx;
|
|
|
|
base64_encode_init(&ctx);
|
|
|
|
- size_t blen = base64_encode_update(&ctx, b64buf, output_token.length, reinterpret_cast<const uint8_t*>(output_token.value));
|
|
|
|
- blen += base64_encode_final(&ctx, b64buf+blen);
|
|
|
|
+ size_t blen = base64_encode_update(&ctx, (uint8_t*)b64buf, output_token.length, reinterpret_cast<const uint8_t*>(output_token.value));
|
|
|
|
+ blen += base64_encode_final(&ctx, (uint8_t*)b64buf+blen);
|
|
|
|
b64buf[blen] = '\0';
|
|
|
|
|
|
|
|
token = reinterpret_cast<char*>(b64buf);
|
2022-03-29 14:30:01 +02:00
|
|
|
Index: squid-5.4.1/tools/squidclient/gssapi_support.cc
|
2019-08-07 10:32:10 +02:00
|
|
|
===================================================================
|
2022-03-29 14:30:01 +02:00
|
|
|
--- squid-5.4.1.orig/tools/squidclient/gssapi_support.cc
|
|
|
|
+++ squid-5.4.1/tools/squidclient/gssapi_support.cc
|
2019-08-07 10:32:10 +02:00
|
|
|
@@ -134,8 +134,8 @@ GSSAPI_token(const char *server)
|
|
|
|
token = new char[base64_encode_len(output_token.length)];
|
|
|
|
struct base64_encode_ctx ctx;
|
|
|
|
base64_encode_init(&ctx);
|
|
|
|
- size_t blen = base64_encode_update(&ctx, token, output_token.length, reinterpret_cast<const uint8_t*>(output_token.value));
|
|
|
|
- blen += base64_encode_final(&ctx, token+blen);
|
|
|
|
+ size_t blen = base64_encode_update(&ctx, (uint8_t*)token, output_token.length, reinterpret_cast<const uint8_t*>(output_token.value));
|
|
|
|
+ blen += base64_encode_final(&ctx, (uint8_t*)token+blen);
|
|
|
|
token[blen] = '\0';
|
|
|
|
}
|
|
|
|
}
|
2022-03-29 14:30:01 +02:00
|
|
|
Index: squid-5.4.1/tools/squidclient/squidclient.cc
|
2019-08-07 10:32:10 +02:00
|
|
|
===================================================================
|
2022-03-29 14:30:01 +02:00
|
|
|
--- squid-5.4.1.orig/tools/squidclient/squidclient.cc
|
|
|
|
+++ squid-5.4.1/tools/squidclient/squidclient.cc
|
2019-08-07 10:32:10 +02:00
|
|
|
@@ -212,10 +212,10 @@ Authorization::commit(std::ostream &os)
|
|
|
|
const auto buf = new char[bcapacity];
|
|
|
|
|
|
|
|
size_t bsize = 0;
|
|
|
|
- bsize += base64_encode_update(&ctx, buf, strlen(user), reinterpret_cast<const uint8_t*>(user));
|
|
|
|
- bsize += base64_encode_update(&ctx, buf+bsize, 1, reinterpret_cast<const uint8_t*>(":"));
|
|
|
|
- bsize += base64_encode_update(&ctx, buf+bsize, strlen(password), reinterpret_cast<const uint8_t*>(password));
|
|
|
|
- bsize += base64_encode_final(&ctx, buf+bsize);
|
|
|
|
+ bsize += base64_encode_update(&ctx, (uint8_t*)buf, strlen(user), reinterpret_cast<const uint8_t*>(user));
|
|
|
|
+ bsize += base64_encode_update(&ctx, (uint8_t*)buf+bsize, 1, reinterpret_cast<const uint8_t*>(":"));
|
|
|
|
+ bsize += base64_encode_update(&ctx, (uint8_t*)buf+bsize, strlen(password), reinterpret_cast<const uint8_t*>(password));
|
|
|
|
+ bsize += base64_encode_final(&ctx, (uint8_t*)buf+bsize);
|
|
|
|
assert(bsize <= bcapacity); // paranoid and late but better than nothing
|
|
|
|
|
|
|
|
os << header << ": Basic ";
|