From: Amos Jeffries Date: Fri, 2 May 2008 11:08:58 +0000 (+1200) Subject: Author: Christos Tsantilas X-Git-Tag: SQUID_3_0_STABLE6~36 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e66d9eb4bdabe54160915338ede63cfa2330bc42;p=thirdparty%2Fsquid.git Author: Christos Tsantilas Bug 2308: Segmentation fault in AuthDigestUserRequest::authUser In this patch: - In method AuthDigestConfig::decode just do not delete the digest_request on errors but use it as is in the authDigestLogUsername functions. - In the method AuthDigestConfig::fixHeader change the line "int stale = 1;" to "int stale = 0;" to make squid respond with "stale=false" in the first unauthenticated request of web client.
---
diff --git a/src/auth/digest/auth_digest.cc b/src/auth/digest/auth_digest.cc
index bda104b4cd..a25b2a34ac 100644
--- a/src/auth/digest/auth_digest.cc
+++ b/src/auth/digest/auth_digest.cc
@@ -780,7 +780,7 @@ AuthDigestConfig::fixHeader(AuthUserRequest *auth_user_request, HttpReply *rep,
 if (!authenticate) return;
- int stale = 1;
+ int stale = 0;
 if (auth_user_request) {
 AuthDigestUserRequest *digest_request;
@@ -1224,7 +1224,6 @@ AuthDigestConfig::decode(char const *proxy_auth)
 if (digest_request->cnonce && strlen(digest_request->nc) != 8) {
 debugs(29, 4, "authenticateDigestDecode: nonce count length invalid");
- delete digest_request;
 return authDigestLogUsername(username, digest_request);
 }
@@ -1246,7 +1245,6 @@ AuthDigestConfig::decode(char const *proxy_auth)
 if (digest_request->qop && strcmp(digest_request->qop, QOP_AUTH) != 0) {
 /* we received a qop option we didn't send */
 debugs(29, 4, "authenticateDigestDecode: Invalid qop option received");
- delete digest_request;
 return authDigestLogUsername(username, digest_request);
 }
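Review bot: The new default `int stale = 0;` in AuthDigestConfig::fixHeader carries no comment on why a challenge sent before any credentials were presented must not claim a stale nonce, and the old value shows how easily this is set backwards. A one-line comment above it would do, for example `/* no credentials presented yet, so no nonce can be stale: challenge with stale=false */`. The `if (auth_user_request)` branch that presumably overrides the value continues outside the hunk, so whether every path to the header write sets it deliberately cannot be confirmed from here.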
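Review bot: With `delete digest_request;` removed, the nonce-count error path in AuthDigestConfig::decode (hunk at -1224) now returns a request object built from a header that has just failed validation, and nothing visible in the hunk marks it as rejected. The same applies to the hunks at -1246, -1257, -1279 and -1289. authDigestLogUsername is defined outside these hunks, so it should be confirmed that it takes ownership of `digest_request` (otherwise every rejected header leaks one) and that the later authenticate step cannot succeed with the partially parsed fields. A comment at the first site would record the contract, e.g. `/* digest_request is kept alive here; authDigestLogUsername() uses it after this point */`.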
@@ -1257,21 +1255,18 @@ AuthDigestConfig::decode(char const *proxy_auth)
 if (!digest_request->response || strlen(digest_request->response) != 32) {
 debugs(29, 4, "authenticateDigestDecode: Response length invalid");
- delete digest_request;
 return authDigestLogUsername(username, digest_request);
 }
 /* do we have a username ? */
 if (!username || username[0] == '\0') {
 debugs(29, 4, "authenticateDigestDecode: Empty or not present username");
- delete digest_request;
 return authDigestLogUsername(username, digest_request);
 }
 /* check that we're not being hacked / the username hasn't changed */
 if (nonce->user && strcmp(username, nonce->user->username())) {
 debugs(29, 4, "authenticateDigestDecode: Username for the nonce does not equal the username for the request");
- delete digest_request;
 return authDigestLogUsername(username, digest_request);
 }
@@ -1279,7 +1274,6 @@ AuthDigestConfig::decode(char const *proxy_auth)
 if ((digest_request->qop && !digest_request->cnonce) || (!digest_request->qop && digest_request->cnonce)) {
 debugs(29, 4, "authenticateDigestDecode: qop without cnonce, or vice versa!");
- delete digest_request;
 return authDigestLogUsername(username, digest_request);
 }
@@ -1289,7 +1283,6 @@ AuthDigestConfig::decode(char const *proxy_auth)
 else if (strcmp(digest_request->algorithm, "MD5") && strcmp(digest_request->algorithm, "MD5-sess")) {
 debugs(29, 4, "authenticateDigestDecode: invalid algorithm specified!");
- delete digest_request;
 return authDigestLogUsername(username, digest_request);
 }
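Review bot: The username-mismatch branch in the hunk at -1257 (`nonce->user && strcmp(username, nonce->user->username())`) is described by its own comment as a possible attack, yet it is reported with `debugs(29, 4, ...)` exactly like the plain syntax failures around it. If section 29 level 4 is not in the deployed debug options, which is presumably the case at default verbosity, a nonce presented under a different username leaves no trace for whoever reviews the logs. Consider a more visible level for that one message, e.g. `debugs(29, 2, "authenticateDigestDecode: Username for the nonce does not equal the username for the request");`, while keeping the other checks at 4. The body of decode starts and ends outside this hunk.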