Author: Adam Majer Date: Thu Jul 18 13:57:22 CEST 2019 nettle from SLE-12 is missing the change from later versions that ignores the destLen parameter size to base64_decode_update function. This is only used in the assert() but we need to pass real size of the buffer as otherwise all we get is a crash. The missing commit in nettle is, commit 07cb0b62a5fab216ed647f5a87e0f17ab3c9a615 Author: Niels Möller Date: Fri Feb 7 09:11:20 2014 +0100 Base64 and base16 decoding: Use *dst_length as output only. Index: squid-4.9/src/HttpHeader.cc =================================================================== --- squid-4.9.orig/src/HttpHeader.cc +++ squid-4.9/src/HttpHeader.cc @@ -1298,8 +1298,8 @@ HttpHeader::getAuthToken(Http::HdrType i char *decodedAuthToken = result.rawAppendStart(BASE64_DECODE_LENGTH(fieldLen)); struct base64_decode_ctx ctx; base64_decode_init(&ctx); - size_t decodedLen = 0; - if (!base64_decode_update(&ctx, &decodedLen, reinterpret_cast(decodedAuthToken), fieldLen, field) || + unsigned decodedLen = BASE64_DECODE_LENGTH(fieldLen); + if (!base64_decode_update(&ctx, &decodedLen, reinterpret_cast(decodedAuthToken), fieldLen, (uint8_t*)field) || !base64_decode_final(&ctx)) { return nil; } Index: squid-4.9/src/auth/basic/Config.cc =================================================================== --- squid-4.9.orig/src/auth/basic/Config.cc +++ squid-4.9/src/auth/basic/Config.cc @@ -176,8 +176,8 @@ Auth::Basic::Config::decodeCleartext(con struct base64_decode_ctx ctx; base64_decode_init(&ctx); - size_t dstLen = 0; - if (base64_decode_update(&ctx, &dstLen, reinterpret_cast(cleartext), srcLen, eek) && base64_decode_final(&ctx)) { + unsigned int dstLen = BASE64_DECODE_LENGTH(srcLen)+1; + if (base64_decode_update(&ctx, &dstLen, reinterpret_cast(cleartext), srcLen, (const uint8_t*)eek) && base64_decode_final(&ctx)) { cleartext[dstLen] = '\0'; /* Index: squid-4.9/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc =================================================================== --- squid-4.9.orig/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc +++ squid-4.9/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc @@ -131,6 +131,7 @@ token_decode(size_t *decodedLen, uint8_t { struct base64_decode_ctx ctx; base64_decode_init(&ctx); + *decodedLen = BASE64_DECODE_LENGTH(strlen(srcLen)); if (!base64_decode_update(&ctx, decodedLen, decoded, strlen(buf), reinterpret_cast(buf)) || !base64_decode_final(&ctx)) { SEND("BH base64 decode failed"); Index: squid-4.9/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc =================================================================== --- squid-4.9.orig/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc +++ squid-4.9/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc @@ -681,8 +681,8 @@ main(int argc, char *const argv[]) struct base64_decode_ctx ctx; base64_decode_init(&ctx); - size_t dstLen = 0; - if (!base64_decode_update(&ctx, &dstLen, static_cast(input_token.value), srcLen, b64Token) || + unsigned dstLen = BASE64_DECODE_LENGTH(srcLen); + if (!base64_decode_update(&ctx, &dstLen, static_cast(input_token.value), srcLen, (const uint8_t*)b64Token) || !base64_decode_final(&ctx)) { debug((char *) "%s| %s: ERROR: Invalid base64 token [%s]\n", LogTime(), PROGRAM, b64Token); fprintf(stdout, "BH Invalid negotiate request token\n"); @@ -743,8 +743,8 @@ main(int argc, char *const argv[]) } struct base64_encode_ctx tokCtx; base64_encode_init(&tokCtx); - size_t blen = base64_encode_update(&tokCtx, token, spnegoTokenLength, reinterpret_cast(spnegoToken)); - blen += base64_encode_final(&tokCtx, token+blen); + size_t blen = base64_encode_update(&tokCtx, (uint8_t*)token, spnegoTokenLength, reinterpret_cast(spnegoToken)); + blen += base64_encode_final(&tokCtx, (uint8_t*)token+blen); token[blen] = '\0'; if (check_gss_err(major_status, minor_status, "gss_accept_sec_context()", log, 1)) Index: squid-4.9/src/auth/negotiate/wrapper/negotiate_wrapper.cc =================================================================== --- squid-4.9.orig/src/auth/negotiate/wrapper/negotiate_wrapper.cc +++ squid-4.9/src/auth/negotiate/wrapper/negotiate_wrapper.cc @@ -192,8 +192,8 @@ processingLoop(FILE *FDKIN, FILE *FDKOUT struct base64_decode_ctx ctx; base64_decode_init(&ctx); - size_t dstLen = 0; - if (!base64_decode_update(&ctx, &dstLen, token, strlen(buf+3), buf+3) || + unsigned dstLen = length+1; + if (!base64_decode_update(&ctx, &dstLen, token, strlen(buf+3), (const uint8_t*)buf+3) || !base64_decode_final(&ctx)) { if (debug_enabled) fprintf(stderr, "%s| %s: Invalid base64 token [%s]\n", LogTime(), PROGRAM, buf+3); Index: squid-4.9/src/auth/ntlm/SMB_LM/ntlm_smb_lm_auth.cc =================================================================== --- squid-4.9.orig/src/auth/ntlm/SMB_LM/ntlm_smb_lm_auth.cc +++ squid-4.9/src/auth/ntlm/SMB_LM/ntlm_smb_lm_auth.cc @@ -203,8 +203,8 @@ make_challenge(char *domain, char *domai struct base64_encode_ctx ctx; base64_encode_init(&ctx); - size_t blen = base64_encode_update(&ctx, b64buf, len, reinterpret_cast(&chal)); - blen += base64_encode_final(&ctx, b64buf+blen); + size_t blen = base64_encode_update(&ctx, (uint8_t*)b64buf, len, reinterpret_cast(&chal)); + blen += base64_encode_final(&ctx, (uint8_t*)b64buf+blen); b64buf[blen] = '\0'; return b64buf; } @@ -516,9 +516,9 @@ manage_request() /* figure out what we got */ struct base64_decode_ctx ctx; base64_decode_init(&ctx); - size_t dstLen = 0; + unsigned dstLen = NTLM_BLOB_BUFFER_SIZE; int decodedLen = 0; - if (!base64_decode_update(&ctx, &dstLen, reinterpret_cast(decoded), strlen(buf)-3, buf+3) || + if (!base64_decode_update(&ctx, &dstLen, reinterpret_cast(decoded), strlen(buf)-3, (const uint8_t*)buf+3) || !base64_decode_final(&ctx)) { SEND("NA Packet format error, couldn't base64-decode"); return; Index: squid-4.9/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc =================================================================== --- squid-4.9.orig/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc +++ squid-4.9/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc @@ -418,6 +418,7 @@ token_decode(size_t *decodedLen, uint8_t { struct base64_decode_ctx ctx; base64_decode_init(&ctx); + *decodedLen = BASE64_DECODE_LENGTH(strlen(buf))+1; if (!base64_decode_update(&ctx, decodedLen, decoded, strlen(buf), reinterpret_cast(buf)) || !base64_decode_final(&ctx)) { SEND_BH("message=\"base64 decode failed\""); Index: squid-4.9/src/auth/ntlm/fake/ntlm_fake_auth.cc =================================================================== --- squid-4.9.orig/src/auth/ntlm/fake/ntlm_fake_auth.cc +++ squid-4.9/src/auth/ntlm/fake/ntlm_fake_auth.cc @@ -153,9 +153,9 @@ main(int argc, char *argv[]) ntlmhdr *packet; struct base64_decode_ctx ctx; base64_decode_init(&ctx); - size_t dstLen = 0; + unsigned dstLen = HELPER_INPUT_BUFFER; if (buflen > 3 && - base64_decode_update(&ctx, &dstLen, decodedBuf, buflen-3, buf+3) && + base64_decode_update(&ctx, &dstLen, decodedBuf, buflen-3, (const uint8_t*)buf+3) && base64_decode_final(&ctx)) { decodedLen = dstLen; packet = (ntlmhdr*)decodedBuf; @@ -190,8 +190,8 @@ main(int argc, char *argv[]) struct base64_encode_ctx eCtx; base64_encode_init(&eCtx); char *data = static_cast(xcalloc(base64_encode_len(len), 1)); - size_t blen = base64_encode_update(&eCtx, data, len, reinterpret_cast(&chal)); - blen += base64_encode_final(&eCtx, data+blen); + size_t blen = base64_encode_update(&eCtx, (uint8_t*)data, len, reinterpret_cast(&chal)); + blen += base64_encode_final(&eCtx, (uint8_t*)data+blen); if (NTLM_packet_debug_enabled) { printf("TT %.*s\n", (int)blen, data); debug("sending 'TT' to squid with data:\n"); Index: squid-4.9/tools/cachemgr.cc =================================================================== --- squid-4.9.orig/tools/cachemgr.cc +++ squid-4.9/tools/cachemgr.cc @@ -1104,8 +1104,8 @@ make_pub_auth(cachemgr_request * req) req->pub_auth = (char *) xmalloc(encodedLen); struct base64_encode_ctx ctx; base64_encode_init(&ctx); - size_t blen = base64_encode_update(&ctx, req->pub_auth, bufLen, reinterpret_cast(buf)); - blen += base64_encode_final(&ctx, req->pub_auth + blen); + size_t blen = base64_encode_update(&ctx, (uint8_t*)req->pub_auth, bufLen, reinterpret_cast(buf)); + blen += base64_encode_final(&ctx, (uint8_t*)req->pub_auth + blen); req->pub_auth[blen] = '\0'; debug("cmgr: encoded: '%s'\n", req->pub_auth); } @@ -1125,8 +1125,8 @@ decode_pub_auth(cachemgr_request * req) char *buf = static_cast(xmalloc(BASE64_DECODE_LENGTH(strlen(req->pub_auth))+1)); struct base64_decode_ctx ctx; base64_decode_init(&ctx); - size_t decodedLen = 0; - if (!base64_decode_update(&ctx, &decodedLen, reinterpret_cast(buf), strlen(req->pub_auth), req->pub_auth) || + unsigned decodedLen = BASE64_DECODE_LENGTH(strlen(req->pub_auth))+1; + if (!base64_decode_update(&ctx, &decodedLen, reinterpret_cast(buf), strlen(req->pub_auth), (uint8_t*)req->pub_auth) || !base64_decode_final(&ctx)) { debug("cmgr: base64 decode failure. Incomplete auth token string.\n"); xfree(buf); @@ -1219,8 +1219,8 @@ make_auth_header(const cachemgr_request char *str64 = static_cast(xmalloc(encodedLen)); struct base64_encode_ctx ctx; base64_encode_init(&ctx); - size_t blen = base64_encode_update(&ctx, str64, bufLen, reinterpret_cast(buf)); - blen += base64_encode_final(&ctx, str64+blen); + size_t blen = base64_encode_update(&ctx, (uint8_t*)str64, bufLen, reinterpret_cast(buf)); + blen += base64_encode_final(&ctx, (uint8_t*)str64+blen); str64[blen] = '\0'; stringLength += snprintf(buf, sizeof(buf), "Authorization: Basic %.*s\r\n", (int)blen, str64); Index: squid-4.9/include/base64.h =================================================================== --- squid-4.9.orig/include/base64.h +++ squid-4.9/include/base64.h @@ -9,11 +9,11 @@ #ifndef _SQUID_BASE64_H #define _SQUID_BASE64_H -#if HAVE_NETTLE_BASE64_H && HAVE_NETTLE34_BASE64 +#if HAVE_NETTLE_BASE64_H #include #else /* Base64 functions copied from Nettle 3.4 under GPLv2, with adjustments */ - +#error "Mssing libnettle-devel" /* base64.h Base-64 encoding and decoding. Index: squid-4.9/lib/base64.c =================================================================== --- squid-4.9.orig/lib/base64.c +++ squid-4.9/lib/base64.c @@ -13,7 +13,7 @@ #include "squid.h" #include "base64.h" -#if !HAVE_NETTLE_BASE64_H || !HAVE_NETTLE34_BASE64 +#if !HAVE_NETTLE_BASE64_H /* base64-encode.c Index: squid-4.9/src/format/Format.cc =================================================================== --- squid-4.9.orig/src/format/Format.cc +++ squid-4.9/src/format/Format.cc @@ -557,8 +557,8 @@ Format::Format::assemble(MemBuf &mb, con struct base64_encode_ctx ctx; base64_encode_init(&ctx); - auto encLength = base64_encode_update(&ctx, buf, rawLength, reinterpret_cast(handshake.rawContent())); - encLength += base64_encode_final(&ctx, buf + encLength); + auto encLength = base64_encode_update(&ctx, (uint8_t*)buf, rawLength, reinterpret_cast(handshake.rawContent())); + encLength += base64_encode_final(&ctx, (uint8_t*)buf + encLength); sb.rawAppendFinish(buf, encLength); out = sb.c_str(); Index: squid-4.9/src/auth/negotiate/kerberos/negotiate_kerberos_auth_test.cc =================================================================== --- squid-4.9.orig/src/auth/negotiate/kerberos/negotiate_kerberos_auth_test.cc +++ squid-4.9/src/auth/negotiate/kerberos/negotiate_kerberos_auth_test.cc @@ -203,8 +203,8 @@ squid_kerb_proxy_auth(char *proxy) token = (char *) xcalloc(base64_encode_len(output_token.length), 1); struct base64_encode_ctx ctx; base64_encode_init(&ctx); - size_t blen = base64_encode_update(&ctx, token, output_token.length, reinterpret_cast(output_token.value)); - blen += base64_encode_final(&ctx, token+blen); + size_t blen = base64_encode_update(&ctx, (uint8_t*)token, output_token.length, reinterpret_cast(output_token.value)); + blen += base64_encode_final(&ctx, (uint8_t*)token+blen); } } Index: squid-4.9/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc =================================================================== --- squid-4.9.orig/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc +++ squid-4.9/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc @@ -245,8 +245,8 @@ getdomaingids(char *ad_groups, uint32_t base64_encode_init(&ctx); const uint32_t expectedSz = base64_encode_len(length+4) +1 /* terminator */; char *b64buf = static_cast(xcalloc(expectedSz, 1)); - size_t blen = base64_encode_update(&ctx, b64buf, length+4, reinterpret_cast(ag)); - blen += base64_encode_final(&ctx, b64buf+blen); + size_t blen = base64_encode_update(&ctx, (uint8_t*)b64buf, length+4, reinterpret_cast(ag)); + blen += base64_encode_final(&ctx, (uint8_t*)b64buf+blen); b64buf[expectedSz-1] = '\0'; if (!pstrcat(ad_groups, b64buf)) { debug((char *) "%s| %s: WARN: Too many groups ! size > %d : %s\n", @@ -334,8 +334,8 @@ getextrasids(char *ad_groups, uint32_t E base64_encode_init(&ctx); const uint32_t expectedSz = base64_encode_len(length) +1 /* terminator */; char *b64buf = static_cast(xcalloc(expectedSz, 1)); - size_t blen = base64_encode_update(&ctx, b64buf, length, reinterpret_cast(ag)); - blen += base64_encode_final(&ctx, b64buf+blen); + size_t blen = base64_encode_update(&ctx, (uint8_t*)b64buf, length, reinterpret_cast(ag)); + blen += base64_encode_final(&ctx, (uint8_t*)b64buf+blen); b64buf[expectedSz-1] = '\0'; if (!pstrcat(ad_groups, reinterpret_cast(b64buf))) { debug((char *) "%s| %s: WARN: Too many groups ! size > %d : %s\n", Index: squid-4.9/src/adaptation/icap/ModXact.cc =================================================================== --- squid-4.9.orig/src/adaptation/icap/ModXact.cc +++ squid-4.9/src/adaptation/icap/ModXact.cc @@ -1369,10 +1369,10 @@ void Adaptation::Icap::ModXact::makeRequ struct base64_encode_ctx ctx; base64_encode_init(&ctx); char base64buf[base64_encode_len(MAX_LOGIN_SZ)]; - size_t resultLen = base64_encode_update(&ctx, base64buf, request->extacl_user.size(), reinterpret_cast(request->extacl_user.rawBuf())); - resultLen += base64_encode_update(&ctx, base64buf+resultLen, 1, reinterpret_cast(":")); - resultLen += base64_encode_update(&ctx, base64buf+resultLen, request->extacl_passwd.size(), reinterpret_cast(request->extacl_passwd.rawBuf())); - resultLen += base64_encode_final(&ctx, base64buf+resultLen); + size_t resultLen = base64_encode_update(&ctx, (uint8_t*)base64buf, request->extacl_user.size(), reinterpret_cast(request->extacl_user.rawBuf())); + resultLen += base64_encode_update(&ctx, (uint8_t*)base64buf+resultLen, 1, reinterpret_cast(":")); + resultLen += base64_encode_update(&ctx, (uint8_t*)base64buf+resultLen, request->extacl_passwd.size(), reinterpret_cast(request->extacl_passwd.rawBuf())); + resultLen += base64_encode_final(&ctx, (uint8_t*)base64buf+resultLen); buf.appendf("Proxy-Authorization: Basic %.*s\r\n", (int)resultLen, base64buf); } @@ -1529,8 +1529,8 @@ void Adaptation::Icap::ModXact::makeUser if (value) { if (TheConfig.client_username_encode) { char base64buf[base64_encode_len(MAX_LOGIN_SZ)]; - size_t resultLen = base64_encode_update(&ctx, base64buf, strlen(value), reinterpret_cast(value)); - resultLen += base64_encode_final(&ctx, base64buf+resultLen); + size_t resultLen = base64_encode_update(&ctx, (uint8_t*)base64buf, strlen(value), reinterpret_cast(value)); + resultLen += base64_encode_final(&ctx, (uint8_t*)base64buf+resultLen); buf.appendf("%s: %.*s\r\n", TheConfig.client_username_header, (int)resultLen, base64buf); } else buf.appendf("%s: %s\r\n", TheConfig.client_username_header, value); Index: squid-4.9/src/http.cc =================================================================== --- squid-4.9.orig/src/http.cc +++ squid-4.9/src/http.cc @@ -1697,9 +1697,9 @@ httpFixupAuthentication(HttpRequest * re username = request->auth_user_request->username(); #endif - blen = base64_encode_update(&ctx, loginbuf, strlen(username), reinterpret_cast(username)); - blen += base64_encode_update(&ctx, loginbuf+blen, strlen(request->peer_login +1), reinterpret_cast(request->peer_login +1)); - blen += base64_encode_final(&ctx, loginbuf+blen); + blen = base64_encode_update(&ctx, (uint8_t*)loginbuf, strlen(username), reinterpret_cast(username)); + blen += base64_encode_update(&ctx, (uint8_t*)loginbuf+blen, strlen(request->peer_login +1), reinterpret_cast(request->peer_login +1)); + blen += base64_encode_final(&ctx, (uint8_t*)loginbuf+blen); httpHeaderPutStrf(hdr_out, header, "Basic %.*s", (int)blen, loginbuf); return; } @@ -1709,10 +1709,10 @@ httpFixupAuthentication(HttpRequest * re (strcmp(request->peer_login, "PASS") == 0 || strcmp(request->peer_login, "PROXYPASS") == 0)) { - blen = base64_encode_update(&ctx, loginbuf, request->extacl_user.size(), reinterpret_cast(request->extacl_user.rawBuf())); - blen += base64_encode_update(&ctx, loginbuf+blen, 1, reinterpret_cast(":")); - blen += base64_encode_update(&ctx, loginbuf+blen, request->extacl_passwd.size(), reinterpret_cast(request->extacl_passwd.rawBuf())); - blen += base64_encode_final(&ctx, loginbuf+blen); + blen = base64_encode_update(&ctx, (uint8_t*)loginbuf, request->extacl_user.size(), reinterpret_cast(request->extacl_user.rawBuf())); + blen += base64_encode_update(&ctx, (uint8_t*)loginbuf+blen, 1, reinterpret_cast(":")); + blen += base64_encode_update(&ctx, (uint8_t*)loginbuf+blen, request->extacl_passwd.size(), reinterpret_cast(request->extacl_passwd.rawBuf())); + blen += base64_encode_final(&ctx, (uint8_t*)loginbuf+blen); httpHeaderPutStrf(hdr_out, header, "Basic %.*s", (int)blen, loginbuf); return; } @@ -1741,8 +1741,8 @@ httpFixupAuthentication(HttpRequest * re } #endif /* HAVE_KRB5 && HAVE_GSSAPI */ - blen = base64_encode_update(&ctx, loginbuf, strlen(request->peer_login), reinterpret_cast(request->peer_login)); - blen += base64_encode_final(&ctx, loginbuf+blen); + blen = base64_encode_update(&ctx, (uint8_t*)loginbuf, strlen(request->peer_login), reinterpret_cast(request->peer_login)); + blen += base64_encode_final(&ctx, (uint8_t*)loginbuf+blen); httpHeaderPutStrf(hdr_out, header, "Basic %.*s", (int)blen, loginbuf); return; } @@ -1869,8 +1869,8 @@ HttpStateData::httpBuildRequestHeader(Ht static char result[base64_encode_len(MAX_URL*2)]; // should be big enough for a single URI segment struct base64_encode_ctx ctx; base64_encode_init(&ctx); - size_t blen = base64_encode_update(&ctx, result, request->url.userInfo().length(), reinterpret_cast(request->url.userInfo().rawContent())); - blen += base64_encode_final(&ctx, result+blen); + size_t blen = base64_encode_update(&ctx, (uint8_t*)result, request->url.userInfo().length(), reinterpret_cast(request->url.userInfo().rawContent())); + blen += base64_encode_final(&ctx, (uint8_t*)result+blen); result[blen] = '\0'; if (blen) httpHeaderPutStrf(hdr_out, Http::HdrType::AUTHORIZATION, "Basic %.*s", (int)blen, result); Index: squid-4.9/src/peer_proxy_negotiate_auth.cc =================================================================== --- squid-4.9.orig/src/peer_proxy_negotiate_auth.cc +++ squid-4.9/src/peer_proxy_negotiate_auth.cc @@ -562,8 +562,8 @@ char *peer_proxy_negotiate_auth(char *pr static char b64buf[8192]; // XXX: 8KB only because base64_encode_bin() used to. struct base64_encode_ctx ctx; base64_encode_init(&ctx); - size_t blen = base64_encode_update(&ctx, b64buf, output_token.length, reinterpret_cast(output_token.value)); - blen += base64_encode_final(&ctx, b64buf+blen); + size_t blen = base64_encode_update(&ctx, (uint8_t*)b64buf, output_token.length, reinterpret_cast(output_token.value)); + blen += base64_encode_final(&ctx, (uint8_t*)b64buf+blen); b64buf[blen] = '\0'; token = reinterpret_cast(b64buf); Index: squid-4.9/tools/squidclient/gssapi_support.cc =================================================================== --- squid-4.9.orig/tools/squidclient/gssapi_support.cc +++ squid-4.9/tools/squidclient/gssapi_support.cc @@ -134,8 +134,8 @@ GSSAPI_token(const char *server) token = new char[base64_encode_len(output_token.length)]; struct base64_encode_ctx ctx; base64_encode_init(&ctx); - size_t blen = base64_encode_update(&ctx, token, output_token.length, reinterpret_cast(output_token.value)); - blen += base64_encode_final(&ctx, token+blen); + size_t blen = base64_encode_update(&ctx, (uint8_t*)token, output_token.length, reinterpret_cast(output_token.value)); + blen += base64_encode_final(&ctx, (uint8_t*)token+blen); token[blen] = '\0'; } } Index: squid-4.9/tools/squidclient/squidclient.cc =================================================================== --- squid-4.9.orig/tools/squidclient/squidclient.cc +++ squid-4.9/tools/squidclient/squidclient.cc @@ -212,10 +212,10 @@ Authorization::commit(std::ostream &os) const auto buf = new char[bcapacity]; size_t bsize = 0; - bsize += base64_encode_update(&ctx, buf, strlen(user), reinterpret_cast(user)); - bsize += base64_encode_update(&ctx, buf+bsize, 1, reinterpret_cast(":")); - bsize += base64_encode_update(&ctx, buf+bsize, strlen(password), reinterpret_cast(password)); - bsize += base64_encode_final(&ctx, buf+bsize); + bsize += base64_encode_update(&ctx, (uint8_t*)buf, strlen(user), reinterpret_cast(user)); + bsize += base64_encode_update(&ctx, (uint8_t*)buf+bsize, 1, reinterpret_cast(":")); + bsize += base64_encode_update(&ctx, (uint8_t*)buf+bsize, strlen(password), reinterpret_cast(password)); + bsize += base64_encode_final(&ctx, (uint8_t*)buf+bsize); assert(bsize <= bcapacity); // paranoid and late but better than nothing os << header << ": Basic ";