From: Joshua Rogers <MegaManSec@users.noreply.github.com>
Date: Wed, 3 Sep 2025 17:36:49 +0000 (+0000)
Subject: negotiate_wrapper: Search buffer with strchr instead of memchr (#2176)
X-Git-Tag: SQUID_7_2~40
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2ed1fa34248411a7bf1630b4fa8b3fb34e03e5c1;p=thirdparty%2Fsquid.git

negotiate_wrapper: Search buffer with strchr instead of memchr (#2176)

Previously, memchr would search tainted data.
---

diff --git a/src/auth/negotiate/wrapper/negotiate_wrapper.cc b/src/auth/negotiate/wrapper/negotiate_wrapper.cc
index fcf1c31def..b91601a132 100644
--- a/src/auth/negotiate/wrapper/negotiate_wrapper.cc
+++ b/src/auth/negotiate/wrapper/negotiate_wrapper.cc
@@ -132,7 +132,7 @@ processingLoop(FILE *FDKIN, FILE *FDKOUT, FILE *FDNIN, FILE *FDNOUT)
             fprintf(stdout, "BH input error\n");
             return 0;
         }
-        c = static_cast<char*>(memchr(buf, '\n', sizeof(buf) - 1));
+        c = strchr(buf, '\n');
         if (c) {
             *c = '\0';
             length = c - buf;
@@ -225,7 +225,7 @@ processingLoop(FILE *FDKIN, FILE *FDKOUT, FILE *FDNIN, FILE *FDNOUT)
                 return 0;
             }
 
-            if (!memchr(tbuff, '\n', sizeof(tbuff) - 1)) {
+            if (!strchr(tbuff, '\n')) {
                 fprintf(stderr, "%s| %s: Oversized NTLM helper response\n",
                         LogTime(), PROGRAM);
                 return 0;
@@ -264,7 +264,7 @@ processingLoop(FILE *FDKIN, FILE *FDKOUT, FILE *FDNIN, FILE *FDNOUT)
                 return 0;
             }
 
-            if (!memchr(buff, '\n', sizeof(buff) - 1)) {
+            if (!strchr(buff, '\n')) {
                 fprintf(stderr, "%s| %s: Oversized Kerberos helper response\n",
                         LogTime(), PROGRAM);
                 return 0;