From: Craig Gowing <craiggowing@gmail.com>
Date: Wed, 30 Sep 2020 16:46:39 +0000 (+0000)
Subject: Bug 5076: WCCP Security Info incorrect (#725)
X-Git-Tag: 4.15-20210522-snapshot~58
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=dd41a9fca72cda2b43f4f0bc2570d32b46998812;p=thirdparty%2Fsquid.git

Bug 5076: WCCP Security Info incorrect (#725)

When generating and validating WCCP2 Security Info use only an
8 byte password.
---

diff --git a/src/wccp2.cc b/src/wccp2.cc
index 701c5c3901..f497d6940e 100644
--- a/src/wccp2.cc
+++ b/src/wccp2.cc
@@ -584,7 +584,9 @@ wccp2_update_md5_security(char *password, char *ptr, char *packet, int len)
 
     SquidMD5Init(&M);
 
-    SquidMD5Update(&M, pwd, sizeof(pwd));
+    static_assert(sizeof(pwd) - 1 == 8, "WCCP2 password has exactly 8 (padded) octets, excluding storage-terminating NUL");
+
+    SquidMD5Update(&M, pwd, sizeof(pwd) - 1);
 
     SquidMD5Update(&M, packet, len);
 
@@ -638,7 +640,9 @@ wccp2_check_security(struct wccp2_service_list_t *srv, char *security, char *pac
 
     SquidMD5Init(&M);
 
-    SquidMD5Update(&M, pwd, sizeof(pwd));
+    static_assert(sizeof(pwd) - 1 == 8, "WCCP2 password has exactly 8 (padded) octets, excluding storage-terminating NUL");
+
+    SquidMD5Update(&M, pwd, sizeof(pwd) - 1);
 
     SquidMD5Update(&M, packet, len);