File CVE-2014-9749-WIP.patch of Package squid.3507

Index: squid-3.3.13/src/auth/digest/UserRequest.cc
===================================================================
--- squid-3.3.13.orig/src/auth/digest/UserRequest.cc
+++ squid-3.3.13/src/auth/digest/UserRequest.cc
@@ -152,10 +152,13 @@ Auth::Digest::UserRequest::authenticate(
     }
 
     /* check for stale nonce */
-    if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc)) {
-        debugs(29, 3, "user '" << auth_user->username() << "' validated OK but nonce stale");
-        auth_user->credentials(Auth::Failed);
-        digest_request->setDenyMessage("Stale nonce");
+    /* check Auth::Pending to avoid loop */
+    if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc) && user()->credentials() != Auth::Pending) {
+        debugs(29, 3, auth_user->username() << "' validated OK but nonce stale: " << digest_request->nonceb64);
+        /* Pending prevent banner and makes a ldap control */
+        auth_user->credentials(Auth::Pending);
+        nonce->flags.valid = false;
+        authDigestNoncePurge(nonce);
         return;
     }
 
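Review bot: The added `&& user()->credentials() != Auth::Pending` clause means a request whose nonce fails `authDigestNonceIsValid()` is no longer stopped at this check once credentials are already Pending, and execution continues into the rest of authenticate(), which lies outside this hunk. If that tail can mark the user as authenticated, a stale or replayed nonce would be accepted on that path, so the check should carry the reasoning, e.g. `/* NOTE(review): when credentials are already Pending a stale nonce is not rejected here; confirm the code below cannot set Auth::Ok in that case */`. Separately, the new `debugs()` line dropped the leading `"user '" <<`, which leaves an unbalanced quote in the log; `debugs(29, 3, "user '" << auth_user->username() << "' validated OK but nonce stale: " << digest_request->nonceb64);` restores it. The purge also uses bare `nonce` while the condition uses `digest_request->nonce`; if both name the same object, one spelling throughout would make that evident.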