From: Amos Jeffries Date: Tue, 21 May 2019 21:31:31 +0000 (+0000) Subject: Replace uudecode with libnettle base64 decoder (#406) X-Git-Tag: SQUID_5_0_1~93 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4cb75d28bddf1e064002b3631fd424ba616f5f1b;p=thirdparty%2Fsquid.git Replace uudecode with libnettle base64 decoder (#406) Since RFC 7235 updated the HTTP Authentication credentials token to the token68 characterset it is possible that characters uudecode cannot cope with are received. The Nettle decoder better handles characters which are valid but not to be used for Basic auth token. --- diff --git a/include/uudecode.h b/include/uudecode.h deleted file mode 100644 index 2732bc986f..0000000000 --- a/include/uudecode.h +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Copyright (C) 1996-2019 The Squid Software Foundation and contributors - * - * Squid software is distributed under GPLv2+ license and includes - * contributions from numerous individuals and organizations. - * Please see the COPYING and CONTRIBUTORS files for details. - */ - -#ifndef _SQUID_UUDECODE_H -#define _SQUID_UUDECODE_H - -#ifdef __cplusplus -extern "C" -#else -extern -#endif - -char *uudecode(const char *); - -#endif /* _SQUID_UUDECODE_H */ - diff --git a/lib/Makefile.am b/lib/Makefile.am index c3caa525ba..5f7699faf7 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -61,8 +61,7 @@ libmiscencoding_la_SOURCES = \ html_quote.c \ md5.c \ rfc1738.c \ - rfc2617.c \ - uudecode.c + rfc2617.c libmisccontainers_la_SOURCES = \ hash.cc diff --git a/lib/uudecode.c b/lib/uudecode.c deleted file mode 100644 index 5b7c378e74..0000000000 --- a/lib/uudecode.c +++ /dev/null 
@@ -1,73 +0,0 @@
-/*
- * Copyright (C) 1996-2019 The Squid Software Foundation and contributors
- *
- * Squid software is distributed under GPLv2+ license and includes
- * contributions from numerous individuals and organizations.
- * Please see the COPYING and CONTRIBUTORS files for details.
- */
-
-#include "squid.h"
-#include "uudecode.h"
-
-/* aaaack but it's fast and const should make it shared text page. */
-const int pr2six[256] = {
- 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
- 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 62, 64, 64, 64, 63,
- 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 64, 64, 64, 64, 64, 64, 64, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,
- 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 64, 64, 64, 64, 64, 64, 26, 27,
- 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51,
- 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
- 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
- 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
- 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
- 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
- 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64
-};
-
-char *
-uudecode(const char *bufcoded)
-{
- int nbytesdecoded;
- const unsigned char *bufin;
- char *bufplain;
- unsigned char *bufout;
- int nprbytes;
-
- /* Strip leading whitespace. */
-
- while (*bufcoded == ' ' || *bufcoded == '\t')
- bufcoded++;
-
- /* Figure out how many characters are in the input buffer.
- * Allocate this many from the per-transaction pool for the result.
- */ - bufin = (const unsigned char *) bufcoded; - while (pr2six[*(bufin++)] <= 63); - nprbytes = (const char *) bufin - bufcoded - 1; - nbytesdecoded = ((nprbytes + 3) / 4) * 3; - - bufplain = xmalloc(nbytesdecoded + 1); - bufout = (unsigned char *) bufplain; - bufin = (const unsigned char *) bufcoded; - - while (nprbytes > 0) { - *(bufout++) = - (unsigned char) (pr2six[*bufin] << 2 | pr2six[bufin[1]] >> 4); - *(bufout++) = - (unsigned char) (pr2six[bufin[1]] << 4 | pr2six[bufin[2]] >> 2); - *(bufout++) = - (unsigned char) (pr2six[bufin[2]] << 6 | pr2six[bufin[3]]); - bufin += 4; - nprbytes -= 4; - } - - if (nprbytes & 03) { - if (pr2six[bufin[-2]] > 63) - nbytesdecoded -= 2; - else - nbytesdecoded -= 1; - } - bufplain[nbytesdecoded] = '\0'; - return bufplain; -} - diff --git a/src/auth/basic/Config.cc b/src/auth/basic/Config.cc index c277468c87..20e73c623c 100644 --- a/src/auth/basic/Config.cc +++ b/src/auth/basic/Config.cc @@ -20,6 +20,7 @@ #include "auth/CredentialsCache.h" #include "auth/Gadgets.h" #include "auth/State.h" +#include "base64.h" #include "cache_cf.h" #include "charset.h" #include "helper.h" @@ -30,7 +31,6 @@ #include "SquidTime.h" #include "Store.h" #include "util.h" -#include "uudecode.h" #include "wordlist.h" /* Basic Scheme */ @@ -165,10 +165,17 @@ Auth::Basic::Config::decodeCleartext(const char *httpAuthHeader) // XXX: really? is the \n actually still there? does the header parse not drop it? char *eek = xstrdup(proxy_auth); strtok(eek, "\n"); - char *cleartext = uudecode(eek); - safe_free(eek); - if (cleartext) { + const size_t srcLen = strlen(eek); + char *cleartext = static_cast(xmalloc(BASE64_DECODE_LENGTH(srcLen)+1)); + + struct base64_decode_ctx ctx; + base64_decode_init(&ctx); + + size_t dstLen = 0; + if (base64_decode_update(&ctx, &dstLen, reinterpret_cast(cleartext), srcLen, eek) && base64_decode_final(&ctx)) { + cleartext[dstLen] = '\0'; + /* * Don't allow NL or CR in the credentials. * Oezguer Kesim 
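Review bot: The decoded length `dstLen` is used only to place the terminator, so a token whose decoded bytes contain a NUL is accepted and every later C-string operation on `cleartext` sees a silently shortened credential. Folding the check into the success condition sends that case down the same rejection path as any other malformed token: `&& base64_decode_final(&ctx) && !memchr(cleartext, '\0', dstLen)) {`. The NL/CR check that follows would then inspect exactly the bytes the decoder produced. The rest of decodeCleartext, including that check, lies outside this hunk, so its handling of `cleartext` should be confirmed there.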
@@ -179,7 +186,12 @@ Auth::Basic::Config::decodeCleartext(const char *httpAuthHeader) debugs(29, DBG_IMPORTANT, "WARNING: Bad characters in authorization header '" << httpAuthHeader << "'"); safe_free(cleartext); } + } else { + debugs(29, 2, "WARNING: Invalid Base64 character in authorization header '" << httpAuthHeader << "'"); + safe_free(cleartext); } + + safe_free(eek); return cleartext; }
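Review bot: The new `else` branch writes the whole client-supplied `httpAuthHeader` to the debug log, and a token that fails decoding because of one stray character can still carry most of a real username and password. Logging the size instead keeps credential material and unescaped client bytes out of the log: `debugs(29, 2, "WARNING: Invalid Base64 character in authorization header (" << srcLen << " bytes)");`. The existing "Bad characters" warning on the context line above prints the same header at DBG_IMPORTANT and would benefit from the same treatment. `srcLen` is declared in the earlier hunk of this function, whose body starts outside this hunk.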