From: Štěpán Brož <32738079+brozs@users.noreply.github.com>
Date: Tue, 27 Oct 2020 10:29:18 +0000 (+0000)
Subject: Fix cachemgr.cgi regression in the bug 4957 fix (#741)
X-Git-Tag: 4.15-20210522-snapshot~50
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ec271fe8db9e548fec8a6436346cf27f74f67b57;p=thirdparty%2Fsquid.git

Fix cachemgr.cgi regression in the bug 4957 fix (#741)

After master commit 2e29287, authenticated CGI interface users could not
use the menu links (getting HTTP 403 error). Symptoms in cache.log:

    CacheManager: unknown@...: password needed for 'menu'
    CacheManager: <username>@...: incorrect password for 'menu'
---

diff --git a/tools/cachemgr.cc b/tools/cachemgr.cc
index 8c59629324..0a0d027582 100644
--- a/tools/cachemgr.cc
+++ b/tools/cachemgr.cc
@@ -1092,14 +1092,20 @@ make_pub_auth(cachemgr_request * req)
     if (!req->passwd || !strlen(req->passwd))
         return;
 
+    auto *rfc1738_username = xstrdup(rfc1738_escape(safe_str(req->user_name)));
+    auto *rfc1738_passwd = xstrdup(rfc1738_escape(req->passwd));
+
     /* host | time | user | passwd */
     const int bufLen = snprintf(buf, sizeof(buf), "%s|%d|%s|%s",
                                 req->hostname,
                                 (int) now,
-                                rfc1738_escape(safe_str(req->user_name)),
-                                rfc1738_escape(req->passwd));
+                                rfc1738_username,
+                                rfc1738_passwd);
     debug("cmgr: pre-encoded for pub: %s\n", buf);
 
+    safe_free(rfc1738_username);
+    safe_free(rfc1738_passwd);
+
     const int encodedLen = base64_encode_len(bufLen);
     req->pub_auth = (char *) xmalloc(encodedLen);
     struct base64_encode_ctx ctx;