From: Amos Jeffries <squid3@treenet.co.nz>
Date: Sat, 17 Jan 2015 17:20:05 +0000 (-0800)
Subject: squidclient: buf reuse looses encoded header data after rev.13785
X-Git-Tag: merge-candidate-3-v1~336
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8310dd14f3db3c52c3cd7fedf480a1df960e3310;p=thirdparty%2Fsquid.git

squidclient: buf reuse looses encoded header data after rev.13785
---

diff --git a/tools/squidclient/squidclient.cc b/tools/squidclient/squidclient.cc
index f51024795d..32106b3ff7 100644
--- a/tools/squidclient/squidclient.cc
+++ b/tools/squidclient/squidclient.cc
@@ -431,12 +431,14 @@ main(int argc, char *argv[])
                 std::cerr << "ERROR: Proxy password missing" << std::endl;
                 exit(1);
             }
-            blen = base64_encode_update(&ctx, reinterpret_cast<uint8_t*>(buf), strlen(user), reinterpret_cast<const uint8_t*>(user));
-            blen += base64_encode_update(&ctx, reinterpret_cast<uint8_t*>(buf+blen), 1, reinterpret_cast<const uint8_t*>(":"));
-            blen += base64_encode_update(&ctx, reinterpret_cast<uint8_t*>(buf+blen), strlen(password), reinterpret_cast<const uint8_t*>(password));
-            blen += base64_encode_final(&ctx, reinterpret_cast<uint8_t*>(buf+blen));
-            snprintf(buf, BUFSIZ, "Proxy-Authorization: Basic %.*s\r\n", (int)blen, buf);
+            uint8_t *pwdBuf = new uint8_t[base64_encode_len(strlen(user)+1+strlen(password))];
+            blen = base64_encode_update(&ctx, pwdBuf, strlen(user), reinterpret_cast<const uint8_t*>(user));
+            blen += base64_encode_update(&ctx, pwdBuf+blen, 1, reinterpret_cast<const uint8_t*>(":"));
+            blen += base64_encode_update(&ctx, pwdBuf+blen, strlen(password), reinterpret_cast<const uint8_t*>(password));
+            blen += base64_encode_final(&ctx, pwdBuf+blen);
+            snprintf(buf, BUFSIZ, "Proxy-Authorization: Basic %.*s\r\n", (int)blen, reinterpret_cast<char*>(pwdBuf));
             strcat(msg, buf);
+            delete[] pwdBuf;
         }
         if (www_user) {
             const char *user = www_user;
@@ -449,12 +451,14 @@ main(int argc, char *argv[])
                 std::cerr << "ERROR: WWW password missing" << std::endl;
                 exit(1);
             }
-            blen = base64_encode_update(&ctx, reinterpret_cast<uint8_t*>(buf), strlen(user), reinterpret_cast<const uint8_t*>(user));
-            blen += base64_encode_update(&ctx, reinterpret_cast<uint8_t*>(buf+blen), 1, reinterpret_cast<const uint8_t*>(":"));
-            blen += base64_encode_update(&ctx, reinterpret_cast<uint8_t*>(buf+blen), strlen(password), reinterpret_cast<const uint8_t*>(password));
-            blen += base64_encode_final(&ctx, reinterpret_cast<uint8_t*>(buf+blen));
-            snprintf(buf, BUFSIZ, "Authorization: Basic %.*s\r\n", (int)blen, buf);
+            uint8_t *pwdBuf = new uint8_t[base64_encode_len(strlen(user)+1+strlen(password))];
+            blen = base64_encode_update(&ctx, pwdBuf, strlen(user), reinterpret_cast<const uint8_t*>(user));
+            blen += base64_encode_update(&ctx, pwdBuf+blen, 1, reinterpret_cast<const uint8_t*>(":"));
+            blen += base64_encode_update(&ctx, pwdBuf+blen, strlen(password), reinterpret_cast<const uint8_t*>(password));
+            blen += base64_encode_final(&ctx, pwdBuf+blen);
+            snprintf(buf, BUFSIZ, "Authorization: Basic %.*s\r\n", (int)blen, reinterpret_cast<char*>(pwdBuf));
             strcat(msg, buf);
+            delete[] pwdBuf;
         }
 #if HAVE_GSSAPI
         if (www_neg) {