File SQUID-2020_4.patch of Package squid.26147

Overview Repositories Revisions Requests Users Attributes Meta

File SQUID-2020_4.patch of Package squid.26147

Adapted from:

commit eeebf0f37a72a2de08348e85ae34b02c34e9a811
Author: desbma-s1n <62935004+desbma-s1n@users.noreply.github.com>
Date:   2020-04-02 11:16:45 +0000

Fix auth digest refcount integer overflow (#585)
    
    This fixes a possible overflow of the nonce reference counter in the
    digest authentication scheme, found by security researchers
    @synacktiv.
    
    It changes `references` to be an 64 bits unsigned integer. This makes
    overflowing the counter impossible in practice.

Index: squid-3.5.21/src/auth/digest/Config.cc
===================================================================
--- squid-3.5.21.orig/src/auth/digest/Config.cc
+++ squid-3.5.21/src/auth/digest/Config.cc
@@ -280,6 +280,7 @@ authDigestNonceLink(digest_nonce_h * non
 {
     assert(nonce != NULL);
     ++nonce->references;
+    assert(nonce->references != 0); // no overflows
     debugs(29, 9, "nonce '" << nonce << "' now at '" << nonce->references << "'.");
 }
 
Index: squid-3.5.21/src/auth/digest/Config.h
===================================================================
--- squid-3.5.21.orig/src/auth/digest/Config.h
+++ squid-3.5.21/src/auth/digest/Config.h
@@ -42,7 +42,7 @@ struct _digest_nonce_h : public hash_lin
     /* number of uses we've seen of this nonce */
     unsigned long nc;
     /* reference count */
-    short references;
+    uint64_t references;
     /* the auth_user this nonce has been tied to */
     Auth::Digest::User *user;
     /* has this nonce been invalidated ? */

Places

File SQUID-2020_4.patch of Package squid.26147

Places