From: Yann Ylavic Date: Mon, 18 Jan 2021 17:39:12 +0000 (+0000) Subject: Merge r1885659 from trunk: X-Git-Tag: 2.4.47~135 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3b6431eb9c9dba603385f70a2131ab4a01bf0d3b;p=thirdparty%2Fapache%2Fhttpd.git Merge r1885659 from trunk: mod_auth_digest: Fast validation of the nonce's base64 to fail early if the format can't match anyway. Submitted by: ylavic Reviewed by: ylavic, covener, jailletc36 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1885666 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index e5c6afc3aa5..5af3c081b93 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with Apache 2.4.47 + *) mod_auth_digest: Fast validation of the nonce's base64 to fail early if + the format can't match anyway. [Yann Ylavic] + *) mod_proxy_fcgi: Honor "SetEnv proxy-sendcl" to forward a chunked Transfer-Encoding from the client, spooling the request body when needed to provide a Content-Length to the backend. PR 57087. [Yann Ylavic] diff --git a/modules/aaa/mod_auth_digest.c b/modules/aaa/mod_auth_digest.c index 1b5a204278f..d126387cc7f 100644 --- a/modules/aaa/mod_auth_digest.c +++ b/modules/aaa/mod_auth_digest.c @@ -1426,9 +1426,14 @@ static int check_nonce(request_rec *r, digest_header_rec *resp, time_rec nonce_time; char tmp, hash[NONCE_HASH_LEN+1]; - if (strlen(resp->nonce) != NONCE_LEN) { + /* Since the time part of the nonce is a base64 encoding of an + * apr_time_t (8 bytes), it should end with a '=', fail early otherwise. + */ + if (strlen(resp->nonce) != NONCE_LEN + || resp->nonce[NONCE_TIME_LEN - 1] != '=') { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01775) - "invalid nonce %s received - length is not %d", + "invalid nonce '%s' received - length is not %d " + "or time encoding is incorrect", resp->nonce, NONCE_LEN); note_digest_auth_failure(r, conf, resp, 1); return HTTP_UNAUTHORIZED;