git.ipfire.org Git - thirdparty/squid.git/commit

]> git.ipfire.org Git - thirdparty/squid.git/commit

projects / thirdparty / squid.git / commit

author	Francesco Chemolli <5175948+kinkie@users.noreply.github.com>
	Mon, 7 Oct 2024 08:13:17 +0000 (08:13 +0000)
committer	Squid Anubis <squid-anubis@squid-cache.org>
	Tue, 8 Oct 2024 09:33:29 +0000 (09:33 +0000)
commit	416f3ec99b11b61e80a0da2ea5419a7960fb660b
tree	e57029feadbc5885dff63d26036075be0b9d4a89	tree
parent	399990a71bf992654897404bed3ca8fdc217ceed	commit \| diff

Fix validation of Digest auth header parameters (#1906)

Insufficient validation of Digest authentication parameters resulted in
a DigestCalcHA1() call that dereferenced a nil pointer.

This bug was discovered and detailed by Joshua Rogers at
https://megamansec.github.io/Squid-Security-Audit/ where it was filed as
"strlen(NULL) Crash Using Digest Authentication".

src/auth/digest/Config.cc

diff | blob | blame | history

Mirror of https://github.com/squid-cache/squid.git

RSS Atom