File squid:bsc_949942:CVE-2014-9749.patch of Package squid.4108

Index: squid-3.3.13/src/auth/digest/UserRequest.cc
===================================================================
--- squid-3.3.13.orig/src/auth/digest/UserRequest.cc
+++ squid-3.3.13/src/auth/digest/UserRequest.cc
@@ -152,10 +152,13 @@ Auth::Digest::UserRequest::authenticate(
     }
 
     /* check for stale nonce */
-    if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc)) {
-        debugs(29, 3, "user '" << auth_user->username() << "' validated OK but nonce stale");
-        auth_user->credentials(Auth::Failed);
-        digest_request->setDenyMessage("Stale nonce");
+    /* check Auth::Pending to avoid loop */
+    if ((!authDigestNonceIsValid(digest_request->nonce, digest_request->nc) || authDigestNonceIsStale(nonce)) && ( user()->credentials() != Auth::Pending )) {
+        debugs(29, 3, HERE << auth_user->username() << "' validated OK but nonce stale: " << digest_request->nonceb64);
+        /* Pending prevent banner and makes a ldap control */
+        auth_user->credentials(Auth::Pending);
+        nonce->flags.valid = false;
+        authDigestNoncePurge(nonce);
         return;
     }
 
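Review bot: The trailing `user()->credentials() != Auth::Pending` test makes both nonce checks conditional on state, so a request whose user is already Pending skips this block and continues into the code after it, which is outside the hunk. The comment `/* check Auth::Pending to avoid loop */` does not say what keeps that path from accepting a stale or replayed nonce; I would state the requirement next to it, e.g. `/* when already Pending the nonce checks are skipped: nothing below may reach Auth::Ok without the nonce having been validated */`, and confirm it against the rest of authenticate(). The branch also writes `nonce->flags.valid` although the condition tests `digest_request->nonce`; these are presumably the same object, but using one spelling would make that obvious. Finally, the rewritten `debugs` line dropped the opening `"user '"`, leaving an unmatched quote in the log message; `HERE << "user '" << auth_user->username() << ...` restores it.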
Index: squid-3.3.13/src/auth/digest/auth_digest.cc
===================================================================
--- squid-3.3.13.orig/src/auth/digest/auth_digest.cc
+++ squid-3.3.13/src/auth/digest/auth_digest.cc
@@ -105,7 +105,6 @@ static digest_nonce_h *authenticateDiges
 static digest_nonce_h *authenticateDigestNonceNew(void);
 static void authenticateDigestNonceDelete(digest_nonce_h * nonce);
 static void authenticateDigestNonceSetup(void);
-static int authDigestNonceIsStale(digest_nonce_h * nonce);
 static void authDigestNonceEncode(digest_nonce_h * nonce);
 static void authDigestNonceLink(digest_nonce_h * nonce);
 #if NOT_USED
@@ -400,7 +399,7 @@ authDigestNonceIsValid(digest_nonce_h *
     return -1;
 }
 
-static int
+int
 authDigestNonceIsStale(digest_nonce_h * nonce)
 {
     /* do we have a nonce ? */
@@ -408,6 +407,10 @@ authDigestNonceIsStale(digest_nonce_h *
     if (!nonce)
         return -1;
 
+    /* Is it already invalidated? */
+    if (!nonce->flags.valid)
+        return -1;
+
     /* has it's max duration expired? */
     if (nonce->noncedata.creationtime + static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest"))->noncemaxduration < current_time.tv_sec) {
         debugs(29, 4, "authDigestNonceIsStale: Nonce is too old. " <<
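Review bot: The new `if (!nonce->flags.valid) return -1;` branch returns silently, while the expiry branch directly below it emits a `debugs(29, 4, ...)` line. A nonce that was invalidated and is then presented again appears to be the case this check was added for, so a matching trace before the return, e.g. `debugs(29, 4, "authDigestNonceIsStale: Nonce already invalidated");`, would make that event visible in the debug log. The function body continues past the end of the hunk.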
Index: squid-3.3.13/src/auth/digest/auth_digest.h
===================================================================
--- squid-3.3.13.orig/src/auth/digest/auth_digest.h
+++ squid-3.3.13/src/auth/digest/auth_digest.h
@@ -52,6 +52,7 @@ struct _digest_nonce_h : public hash_lin
 
 void authDigestNonceUnlink(digest_nonce_h * nonce);
 int authDigestNonceIsValid(digest_nonce_h * nonce, char nc[9]);
+int authDigestNonceIsStale(digest_nonce_h * nonce);
 const char *authenticateDigestNonceNonceb64(const digest_nonce_h * nonce);
 int authDigestNonceLastRequest(digest_nonce_h * nonce);
 void authenticateDigestNonceShutdown(void);
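Review bot: `authDigestNonceIsStale` is now declared in the header but its return convention is undocumented, and it is not obvious: the auth_digest.cc hunks show it returning -1 for a missing or invalidated nonce, and the caller in UserRequest.cc uses the value as a boolean. A one-line comment above the declaration, e.g. `/* non-zero (-1) when the nonce is missing, invalidated or stale; 0 otherwise */`, would keep a later caller from testing `> 0` or `== 1`. The return value for a usable nonce is outside the visible hunks, so check the `0 otherwise` part before committing it.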