Bug 5076: WCCP Security Info incorrect (#725)

author Craig Gowing <craiggowing@gmail.com>

Wed, 30 Sep 2020 16:46:39 +0000 (16:46 +0000)

committer Squid Anubis <squid-anubis@squid-cache.org>

Thu, 1 Oct 2020 02:32:43 +0000 (02:32 +0000)
author Craig Gowing <craiggowing@gmail.com>
Wed, 30 Sep 2020 16:46:39 +0000 (16:46 +0000)
committer Squid Anubis <squid-anubis@squid-cache.org>
Thu, 1 Oct 2020 02:32:43 +0000 (02:32 +0000)
diff --git a/src/wccp2.cc b/src/wccp2.cc

index 701c5c3901b838ccb0d4a4579da2be3f1e7f6139..f497d6940e4a4a0e29c99f595f9983a87e7c6a84 100644 (file)
--- a/src/wccp2.cc
+++ b/src/wccp2.cc
@@ -584,7 +584,9 @@ wccp2_update_md5_security(char *password, char *ptr, char *packet, int len)
  
      SquidMD5Init(&M);
  
-    SquidMD5Update(&M, pwd, sizeof(pwd));
+    static_assert(sizeof(pwd) - 1 == 8, "WCCP2 password has exactly 8 (padded) octets, excluding storage-terminating NUL");
+
+    SquidMD5Update(&M, pwd, sizeof(pwd) - 1);
  
      SquidMD5Update(&M, packet, len);
  
@@ -638,7 +640,9 @@ wccp2_check_security(struct wccp2_service_list_t *srv, char *security, char *pac
  
      SquidMD5Init(&M);
  
-    SquidMD5Update(&M, pwd, sizeof(pwd));
+    static_assert(sizeof(pwd) - 1 == 8, "WCCP2 password has exactly 8 (padded) octets, excluding storage-terminating NUL");
+
+    SquidMD5Update(&M, pwd, sizeof(pwd) - 1);
  
      SquidMD5Update(&M, packet, len);
author	Craig Gowing <craiggowing@gmail.com>
	Wed, 30 Sep 2020 16:46:39 +0000 (16:46 +0000)
committer	Squid Anubis <squid-anubis@squid-cache.org>
	Thu, 1 Oct 2020 02:32:43 +0000 (02:32 +0000)