Author: Adam Majer <amajer@suse.de>
Date: Thu Jul 18 13:57:22 CEST 2019

nettle from SLE-12 is missing the change from later
versions that ignores the destLen parameter size to
the base64_decode_update function. This is only used in
the assert() but we need to pass the real size of the buffer
as otherwise all we get is a crash.

The missing commit in nettle is,
commit 07cb0b62a5fab216ed647f5a87e0f17ab3c9a615
Author: Niels Möller <nisse@lysator.liu.se>
Date: Fri Feb 7 09:11:20 2014 +0100

Base64 and base16 decoding: Use *dst_length as output only.

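Index: squid-3.5.21/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc
===================================================================
--- squid-3.5.21.orig/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc
+++ squid-3.5.21/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc
@@ -667,7 +667,7 @@ main(int argc, char *const argv[])
 
 struct base64_decode_ctx ctx;
 base64_decode_init(&ctx);
- unsigned int dstLen = 0;
+ unsigned int dstLen = input_token.length;
 if (!base64_decode_update(&ctx, &dstLen, static_cast<uint8_t*>(input_token.value), srcLen, b64Token) ||
 !base64_decode_final(&ctx)) {
 debug((char *) "%s| %s: ERROR: Invalid base64 token [%s]\n", LogTime(), PROGRAM, b64Token);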
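Review bot: `unsigned int dstLen = input_token.length;` reads like a redundant initialiser to anyone who knows the current nettle API, where `*dst_length` is output only, so it needs a comment saying why it is there, e.g. `// SLE-12 nettle lacks 07cb0b62: base64_decode_update() assert()s on *dst_length as the destination capacity on entry`. Because that old check is an assert() rather than a returned error, the value has to be the true size of `input_token.value`; the allocation is outside the hunk, so confirm it was sized with the same `input_token.length`. The same comment is worth adding on the changed line in the other five files of this patch. main() starts and ends outside the hunk.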
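Index: squid-3.5.21/helpers/negotiate_auth/wrapper/negotiate_wrapper.cc
===================================================================
--- squid-3.5.21.orig/helpers/negotiate_auth/wrapper/negotiate_wrapper.cc
+++ squid-3.5.21/helpers/negotiate_auth/wrapper/negotiate_wrapper.cc
@@ -341,7 +341,7 @@ main(int argc, char *const argv[])
 
 struct base64_decode_ctx ctx;
 base64_decode_init(&ctx);
- unsigned int dstLen = 0;
+ unsigned int dstLen = length;
 if (!base64_decode_update(&ctx, &dstLen, token, strlen(buf+3), reinterpret_cast<const uint8_t*>(buf+3)) ||
 !base64_decode_final(&ctx)) {
 if (debug)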
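Index: squid-3.5.21/helpers/ntlm_auth/fake/ntlm_fake_auth.cc
===================================================================
--- squid-3.5.21.orig/helpers/ntlm_auth/fake/ntlm_fake_auth.cc
+++ squid-3.5.21/helpers/ntlm_auth/fake/ntlm_fake_auth.cc
@@ -151,7 +151,7 @@ main(int argc, char *argv[])
 buflen = strlen(buf); /* keep this so we only scan the buffer for \0 once per loop */
 struct base64_decode_ctx ctx;
 base64_decode_init(&ctx);
- unsigned int dstLen = 0;
+ unsigned int dstLen = HELPER_INPUT_BUFFER;
 if (buflen > 3 &&
 base64_decode_update(&ctx, &dstLen, decodedBuf, buflen-3, reinterpret_cast<const uint8_t*>(buf+3)) &&
 base64_decode_final(&ctx)) {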
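Review bot: `HELPER_INPUT_BUFFER` is passed as the capacity of `decodedBuf`, but nothing in the hunk ties the macro to that buffer's declaration, so the two can drift apart without the compiler noticing. If `decodedBuf` is a true array (its declaration is outside the hunk), `unsigned int dstLen = sizeof(decodedBuf);` keeps the bound correct by construction. The same applies to `NTLM_BLOB_BUFFER_SIZE` and `decoded` in ntlm_smb_lm_auth.cc. This matters more than usual here because, per the commit description, the old nettle only assert()s on this value, so a number larger than the real buffer disables the only size check. main() starts and ends outside the hunk.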
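Index: squid-3.5.21/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc
===================================================================
--- squid-3.5.21.orig/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc
+++ squid-3.5.21/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc
@@ -517,7 +517,7 @@ manage_request()
 /* figure out what we got */
 struct base64_decode_ctx ctx;
 base64_decode_init(&ctx);
- unsigned int dstLen = 0;
+ unsigned int dstLen = NTLM_BLOB_BUFFER_SIZE;
 int decodedLen = 0;
 if (!base64_decode_update(&ctx, &dstLen, reinterpret_cast<uint8_t*>(decoded), strlen(buf)-3, reinterpret_cast<const uint8_t*>(buf+3)) ||
 !base64_decode_final(&ctx)) {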
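Index: squid-3.5.21/src/HttpHeader.cc
===================================================================
--- squid-3.5.21.orig/src/HttpHeader.cc
+++ squid-3.5.21/src/HttpHeader.cc
@@ -1535,7 +1535,7 @@ HttpHeader::getAuth(http_hdr_type id, co
 static char decodedAuthToken[8192];
 struct base64_decode_ctx ctx;
 base64_decode_init(&ctx);
- unsigned int decodedLen = 0;
+ unsigned int decodedLen = 8190;
 if (!base64_decode_update(&ctx, &decodedLen, reinterpret_cast<uint8_t*>(decodedAuthToken), strlen(field), reinterpret_cast<const uint8_t*>(field)) ||
 !base64_decode_final(&ctx)) {
 return NULL;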
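Review bot: `unsigned int decodedLen = 8190;` hard-codes a number that is not visibly derived from `decodedAuthToken[8192]`, and nothing in the hunk bounds `strlen(field)` before it is decoded into that fixed static buffer. Per the commit description the old nettle only assert()s on this length, so an over-long credential field would abort the process, or, where assertions are compiled out, be written past the end of the buffer. An explicit check ahead of the call, such as `if (BASE64_DECODE_LENGTH(strlen(field)) > sizeof(decodedAuthToken) - 1) return NULL;`, with `decodedLen` initialised from the same `sizeof` expression, turns the bound into a returned error on every nettle version. getAuth() starts and ends outside the hunk, so an earlier length check may already exist there and should be confirmed.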
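Index: squid-3.5.21/src/auth/basic/Config.cc
===================================================================
--- squid-3.5.21.orig/src/auth/basic/Config.cc
+++ squid-3.5.21/src/auth/basic/Config.cc
@@ -173,7 +173,7 @@ Auth::Basic::Config::decodeCleartext(con
 struct base64_decode_ctx ctx;
 base64_decode_init(&ctx);
 
- unsigned int dstLen = 0;
+ unsigned int dstLen = BASE64_DECODE_LENGTH(srcLen)+1;
 if (base64_decode_update(&ctx, &dstLen, reinterpret_cast<uint8_t*>(cleartext), srcLen, (const uint8_t*)eek) && base64_decode_final(&ctx)) {
 cleartext[dstLen] = '\0';
 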