From ec271fe8db9e548fec8a6436346cf27f74f67b57 Mon Sep 17 00:00:00 2001 From: =?utf8?q?=C5=A0t=C4=9Bp=C3=A1n=20Bro=C5=BE?= <32738079+brozs@users.noreply.github.com> Date: Tue, 27 Oct 2020 10:29:18 +0000 Subject: [PATCH] Fix cachemgr.cgi regression in the bug 4957 fix (#741) After master commit 2e29287, authenticated CGI interface users could not use the menu links (getting HTTP 403 error). Symptoms in cache.log: CacheManager: unknown@...: password needed for 'menu' CacheManager: @...: incorrect password for 'menu' --- tools/cachemgr.cc | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tools/cachemgr.cc b/tools/cachemgr.cc index 8c59629324..0a0d027582 100644 --- a/tools/cachemgr.cc +++ b/tools/cachemgr.cc @@ -1092,14 +1092,20 @@ make_pub_auth(cachemgr_request * req) if (!req->passwd || !strlen(req->passwd)) return; + auto *rfc1738_username = xstrdup(rfc1738_escape(safe_str(req->user_name))); + auto *rfc1738_passwd = xstrdup(rfc1738_escape(req->passwd)); + /* host | time | user | passwd */ const int bufLen = snprintf(buf, sizeof(buf), "%s|%d|%s|%s", req->hostname, (int) now, - rfc1738_escape(safe_str(req->user_name)), - rfc1738_escape(req->passwd)); + rfc1738_username, + rfc1738_passwd); debug("cmgr: pre-encoded for pub: %s\n", buf); + safe_free(rfc1738_username); + safe_free(rfc1738_passwd); + const int encodedLen = base64_encode_len(bufLen); req->pub_auth = (char *) xmalloc(encodedLen); struct base64_encode_ctx ctx; -- 2.47.2