Blame SOURCES/squid-3.5.20-CVE-2023-46847.patch
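diff --git a/src/auth/digest/Config.cc b/src/auth/digest/Config.cc
index 1008ca6..274a20c 100644
--- a/src/auth/digest/Config.cc
+++ b/src/auth/digest/Config.cc
@@ -839,11 +839,15 @@ Auth::Digest::Config::decode(char const *proxy_auth, const char *aRequestRealm)
 break;
 
 case DIGEST_NC:
- if (value.size() != 8) {
+ if (value.size() == 8) {
+ // for historical reasons, the nc value MUST be exactly 8 bytes
+ static_assert(sizeof(digest_request->nc) == 8 + 1, "bad nc buffer size");
+ xstrncpy(digest_request->nc, value.rawBuf(), value.size() + 1);
+ debugs(29, 9, "Found noncecount '" << digest_request->nc << "'");
+ } else {
 debugs(29, 9, "Invalid nc '" << value << "' in '" << temp << "'");
+ digest_request->nc[0] = 0;
 }
- xstrncpy(digest_request->nc, value.rawBuf(), value.size() + 1);
- debugs(29, 9, "Found noncecount '" << digest_request->nc << "'");
 break;
 
 case DIGEST_CNONCE: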
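Review bot: The copy in the `value.size() == 8` branch still takes its bound from the request-supplied value (`value.size() + 1`) rather than from the destination, so it is safe only while the enclosing length check and the static_assert stay in step. Bounding by the buffer keeps the copy safe even if the condition is edited later: `xstrncpy(digest_request->nc, value.rawBuf(), sizeof(digest_request->nc));`. The branch also accepts any eight bytes; if later code parses nc as hexadecimal (not visible here), a hex-digit check belongs next to the length check. The else branch reports the rejected value only at debug level 9, so a malformed nc leaves no trace in a default log. The switch in Auth::Digest::Config::decode starts and ends outside the hunk.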