if (!authenticate)
return;
- int stale = 1;
+ int stale = 0;
if (auth_user_request) {
AuthDigestUserRequest *digest_request;
if (digest_request->cnonce && strlen(digest_request->nc) != 8) {
debugs(29, 4, "authenticateDigestDecode: nonce count length invalid");
- delete digest_request;
return authDigestLogUsername(username, digest_request);
}
if (digest_request->qop && strcmp(digest_request->qop, QOP_AUTH) != 0) {
/* we received a qop option we didn't send */
debugs(29, 4, "authenticateDigestDecode: Invalid qop option received");
- delete digest_request;
return authDigestLogUsername(username, digest_request);
}
if (!digest_request->response || strlen(digest_request->response) != 32) {
debugs(29, 4, "authenticateDigestDecode: Response length invalid");
- delete digest_request;
return authDigestLogUsername(username, digest_request);
}
/* do we have a username ? */
if (!username || username[0] == '\0') {
debugs(29, 4, "authenticateDigestDecode: Empty or not present username");
- delete digest_request;
return authDigestLogUsername(username, digest_request);
}
/* check that we're not being hacked / the username hasn't changed */
if (nonce->user && strcmp(username, nonce->user->username())) {
debugs(29, 4, "authenticateDigestDecode: Username for the nonce does not equal the username for the request");
- delete digest_request;
return authDigestLogUsername(username, digest_request);
}
if ((digest_request->qop && !digest_request->cnonce)
|| (!digest_request->qop && digest_request->cnonce)) {
debugs(29, 4, "authenticateDigestDecode: qop without cnonce, or vice versa!");
- delete digest_request;
return authDigestLogUsername(username, digest_request);
}
else if (strcmp(digest_request->algorithm, "MD5")
&& strcmp(digest_request->algorithm, "MD5-sess")) {
debugs(29, 4, "authenticateDigestDecode: invalid algorithm specified!");
- delete digest_request;
return authDigestLogUsername(username, digest_request);
}
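Review bot: The nonce-count check `if (digest_request->cnonce && strlen(digest_request->nc) != 8)` tests `cnonce` but then calls `strlen()` on `nc`, so when `cnonce` is present and `nc` is absent a null pointer reaches `strlen()`, unless `nc` is guaranteed to be set earlier, outside the lines shown. Guarding the field that is actually dereferenced closes that: `if (digest_request->cnonce && (!digest_request->nc || strlen(digest_request->nc) != 8))`. The `strcmp(digest_request->algorithm, "MD5")` test near the end has the same shape and relies on `algorithm` having been defaulted before this point. With the `delete digest_request` lines removed, every rejection path now hands the object to `authDigestLogUsername()`, which presumably takes ownership of it; a one-line comment at the first of these returns saying so would keep a later edit from reintroducing the free. The enclosing function starts and ends outside the visible lines.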