]> git.ipfire.org Git - thirdparty/squid.git/commit
projects / thirdparty / squid.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: db9cd17) | patch
negotiate_kerberos_auth: Properly align NDR data (#2186)
authorJoshua Rogers <MegaManSec@users.noreply.github.com>
Mon, 8 Sep 2025 22:18:21 +0000 (22:18 +0000)
committerSquid Anubis <squid-anubis@squid-cache.org>
Mon, 8 Sep 2025 22:18:30 +0000 (22:18 +0000)
commit30de92f3f7436161daf05637797724173d0a52b9
tree391a87725f5ca94d1148efa7d4228753d0538646tree | snapshot
parentdb9cd1720c7382e54e4f31ded8d05eac4da3f0e3commit | diff
negotiate_kerberos_auth: Properly align NDR data (#2186)

Resolves sporadic Negotiate/Kerberos auth failures that manifested
as proxy 407 loops or helper errors when decoding PAC data, depending
on ticket layout.

Previously, the parser advanced bpos by the remainder:
(bpos += bpos %n)
instead of padding to the next multiple of n.

For example, n = 4:
    bpos=5 (r=1): current: 6 (wrong), correct: 8
    bpos=6 (r=2): current: 8 (accidentally right)
    bpos=7 (r=3): current: 10 (wrong), correct: 8
src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc diff | blob | blame | history
Mirror of https://github.com/squid-cache/squid.git