Bug 4937: cachemgr.cgi: unallocated memory access (#407)

author Amos Jeffries <yadij@users.noreply.github.com>

Sat, 18 May 2019 17:02:33 +0000 (17:02 +0000)

committer Squid Anubis <squid-anubis@squid-cache.org>

Mon, 20 May 2019 09:47:16 +0000 (09:47 +0000)
author Amos Jeffries <yadij@users.noreply.github.com>
Sat, 18 May 2019 17:02:33 +0000 (17:02 +0000)
committer Squid Anubis <squid-anubis@squid-cache.org>
Mon, 20 May 2019 09:47:16 +0000 (09:47 +0000)
diff --git a/tools/cachemgr.cc b/tools/cachemgr.cc

index 98a6ae2316fefa98f29d15f07a94976cbacb5bc8..cdb953c0e797a7e26326bb97c86613f66e45b70c 100644 (file)
--- a/tools/cachemgr.cc
+++ b/tools/cachemgr.cc
@@ -1091,7 +1091,6 @@ make_pub_auth(cachemgr_request * req)
  static void
  decode_pub_auth(cachemgr_request * req)
  {
-    char *buf;
      const char *host_name;
      const char *time_str;
      const char *user_name;
@@ -1103,16 +1102,17 @@ decode_pub_auth(cachemgr_request * req)
      if (!req->pub_auth || strlen(req->pub_auth) < 4 + strlen(safe_str(req->hostname)))
          return;
  
-    size_t decodedLen = BASE64_DECODE_LENGTH(strlen(req->pub_auth));
-    buf = (char*)xmalloc(decodedLen);
+    char *buf = static_cast<char*>(xmalloc(BASE64_DECODE_LENGTH(strlen(req->pub_auth))+1));
      struct base64_decode_ctx ctx;
      base64_decode_init(&ctx);
+    size_t decodedLen = 0;
      if (!base64_decode_update(&ctx, &decodedLen, reinterpret_cast<uint8_t*>(buf), strlen(req->pub_auth), req->pub_auth) ||
              !base64_decode_final(&ctx)) {
          debug("cmgr: base64 decode failure. Incomplete auth token string.\n");
          xfree(buf);
          return;
      }
+    buf[decodedLen] = '\0';
  
      debug("cmgr: length ok\n");
author	Amos Jeffries <yadij@users.noreply.github.com>
	Sat, 18 May 2019 17:02:33 +0000 (17:02 +0000)
committer	Squid Anubis <squid-anubis@squid-cache.org>
	Mon, 20 May 2019 09:47:16 +0000 (09:47 +0000)