From: Amos Jeffries Date: Tue, 21 May 2019 05:02:06 +0000 (+0000) Subject: Bug 4936: terminating c-strings beyond BASE64_DECODE_LENGTH (#409) X-Git-Tag: SQUID_5_0_1~94 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=04b008df197827198f99488266e0a61b29014ce8;p=thirdparty%2Fsquid.git Bug 4936: terminating c-strings beyond BASE64_DECODE_LENGTH (#409) --- diff --git a/src/auth/negotiate/wrapper/negotiate_wrapper.cc b/src/auth/negotiate/wrapper/negotiate_wrapper.cc index 38e21f19e3..4fac207b54 100644 --- a/src/auth/negotiate/wrapper/negotiate_wrapper.cc +++ b/src/auth/negotiate/wrapper/negotiate_wrapper.cc @@ -112,7 +112,7 @@ processingLoop(FILE *FDKIN, FILE *FDKOUT, FILE *FDNIN, FILE *FDNOUT) char tbuff[MAX_AUTHTOKEN_LEN]; char buff[MAX_AUTHTOKEN_LEN+2]; char *c; - int length; + size_t length; uint8_t *token = NULL; while (1) { @@ -136,7 +136,7 @@ processingLoop(FILE *FDKIN, FILE *FDKOUT, FILE *FDNIN, FILE *FDNOUT) *c = '\0'; length = c - buf; if (debug_enabled) - fprintf(stderr, "%s| %s: Got '%s' from squid (length: %d).\n", + fprintf(stderr, "%s| %s: Got '%s' from squid (length: %" PRIuSIZE ").\n", LogTime(), PROGRAM, buf, length); } else { if (debug_enabled) @@ -181,11 +181,11 @@ processingLoop(FILE *FDKIN, FILE *FDKOUT, FILE *FDNIN, FILE *FDNOUT) } length = BASE64_DECODE_LENGTH(strlen(buf+3)); if (debug_enabled) - fprintf(stderr, "%s| %s: Decode '%s' (decoded length: %d).\n", - LogTime(), PROGRAM, buf + 3, (int) length); + fprintf(stderr, "%s| %s: Decode '%s' (decoded length: %" PRIuSIZE ").\n", + LogTime(), PROGRAM, buf + 3, length); safe_free(token); - if (!(token = static_cast(xmalloc(length)))) { + if (!(token = static_cast(xmalloc(length+1)))) { fprintf(stderr, "%s| %s: Error allocating memory for token\n", LogTime(), PROGRAM); return 1; } @@ -200,6 +200,7 @@ processingLoop(FILE *FDKIN, FILE *FDKOUT, FILE *FDNIN, FILE *FDNOUT) fprintf(stdout, "BH Invalid negotiate request token\n"); continue; } + assert(dstLen <= length); length = dstLen; token[dstLen] = '\0';