Bug 5076: WCCP Security Info incorrect (#725)

author Craig Gowing <craiggowing@gmail.com>

Wed, 30 Sep 2020 16:46:39 +0000 (16:46 +0000)

committer Amos Jeffries <yadij@users.noreply.github.com>

Fri, 9 Oct 2020 02:08:11 +0000 (15:08 +1300)
author Craig Gowing <craiggowing@gmail.com>
Wed, 30 Sep 2020 16:46:39 +0000 (16:46 +0000)
committer Amos Jeffries <yadij@users.noreply.github.com>
Fri, 9 Oct 2020 02:08:11 +0000 (15:08 +1300)
diff --git a/src/wccp2.cc b/src/wccp2.cc

index 61e31f922083c7ee4e7e88f84bf2bfda97723320..cfa885ce6d93ead85c687ab16ff181ac34c54bdc 100644 (file)
--- a/src/wccp2.cc
+++ b/src/wccp2.cc
@@ -584,7 +584,9 @@ wccp2_update_md5_security(char *password, char *ptr, char *packet, int len)
  
      SquidMD5Init(&M);
  
-    SquidMD5Update(&M, pwd, sizeof(pwd));
+    static_assert(sizeof(pwd) - 1 == 8, "WCCP2 password has exactly 8 (padded) octets, excluding storage-terminating NUL");
+
+    SquidMD5Update(&M, pwd, sizeof(pwd) - 1);
  
      SquidMD5Update(&M, packet, len);
  
@@ -638,7 +640,9 @@ wccp2_check_security(struct wccp2_service_list_t *srv, char *security, char *pac
  
      SquidMD5Init(&M);
  
-    SquidMD5Update(&M, pwd, sizeof(pwd));
+    static_assert(sizeof(pwd) - 1 == 8, "WCCP2 password has exactly 8 (padded) octets, excluding storage-terminating NUL");
+
+    SquidMD5Update(&M, pwd, sizeof(pwd) - 1);
  
      SquidMD5Update(&M, packet, len);
author	Craig Gowing <craiggowing@gmail.com>
	Wed, 30 Sep 2020 16:46:39 +0000 (16:46 +0000)
committer	Amos Jeffries <yadij@users.noreply.github.com>
	Fri, 9 Oct 2020 02:08:11 +0000 (15:08 +1300)