From: hno <> Date: Mon, 3 Sep 2007 08:41:51 +0000 (+0000) Subject: Bug #2072: digest_pw_auth fails when using plaintext passwords X-Git-Tag: SQUID_3_0_RC1~72 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bdda8114c3075fe6e58fd9fe57a404bfe69d8dd2;p=thirdparty%2Fsquid.git Bug #2072: digest_pw_auth fails when using plaintext passwords digest_pw_auth may crash or otherwise fail when using plaintext passwords. Workaround (and more secure): Store Digest H(A1) hashed passwords instead.
---
diff --git a/helpers/digest_auth/password/text_backend.c b/helpers/digest_auth/password/text_backend.c
index 09577c09ae..78a94a885e 100644
--- a/helpers/digest_auth/password/text_backend.c
+++ b/helpers/digest_auth/password/text_backend.c
@@ -99,7 +99,7 @@ read_passwd_file(const char *passwdfile, int ha1mode)
 fprintf(stderr, "digest_pw_auth: ignoring invalid password for %s\n", user);
 continue;
 }
- u = xmalloc(sizeof(*u));
+ u = xcalloc(1, sizeof(*u));
 if (realm) {
 int len = strlen(user) + strlen(realm) + 2;
 u->hash.key = malloc(len);
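Review bot: The `u->hash.key = malloc(len);` line just below the changed allocation is a plain `malloc` whose result is not checked in the visible lines, while the record itself now comes from `xcalloc`; if the code after the hunk writes the user/realm key into that buffer, an allocation failure becomes a NULL write inside the authentication helper. Using the same wrapper family, `u->hash.key = xmalloc(len);`, would keep out-of-memory handling consistent, assuming `xmalloc` is the project's checked allocator as its use on the removed line suggests. `len` is also an `int` holding the sum of two `strlen` results, so `size_t len = strlen(user) + strlen(realm) + 2;` would avoid the narrowing. The new line would benefit from a comment such as `/* zero-filled so fields not assigned below read as NULL */`, since that is presumably what the fix relies on and a later change back to `xmalloc` would silently reintroduce the bug. The loop body and `read_passwd_file` itself start and end outside the hunk, so the use of `u->hash.key` could not be checked here.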