Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Evergreen:11.4
lighttpd.import5735
lighttpd-1.4.x_mod_auth_signedness_error.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File lighttpd-1.4.x_mod_auth_signedness_error.patch of Package lighttpd.import5735
commit 1adaac589ced706e1badd751f54390086b1d0767 Author: Marcus Rückert <mrueckert@suse.de> Date: Tue Dec 20 13:08:51 2011 +0100 - merge 6c9dff7cda6593d9a566413347dd5adfe80c86a8 [mod_auth] Fix signedness error in http_auth (fixes #2370, CVE-2011-4362) diff --git a/src/http_auth.c b/src/http_auth.c index 0c0c4a5..6609dc7 100644 --- a/src/http_auth.c +++ b/src/http_auth.c @@ -89,7 +89,7 @@ static unsigned char * base64_decode(buffer *out, const char *in) { ch = in[0]; /* run through the whole string, converting as we go */ for (i = 0; i < in_len; i++) { - ch = in[i]; + ch = (unsigned char) in[i]; if (ch == '\0') break; diff --git a/tests/mod-auth.t b/tests/mod-auth.t index 475a5f6..89ead9d 100755 --- a/tests/mod-auth.t +++ b/tests/mod-auth.t @@ -8,7 +8,7 @@ BEGIN { use strict; use IO::Socket; -use Test::More tests => 14; +use Test::More tests => 15; use LightyTest; my $tf = LightyTest->new(); @@ -25,6 +25,14 @@ ok($tf->handle_http($t) == 0, 'Missing Auth-token'); $t->{REQUEST} = ( <<EOF GET /server-status HTTP/1.0 +Authorization: Basic \x80mFuOmphb +EOF + ); +$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ]; +ok($tf->handle_http($t) == 0, 'Basic-Auth: Invalid base64 Auth-token'); + +$t->{REQUEST} = ( <<EOF +GET /server-status HTTP/1.0 Authorization: Basic amFuOmphb EOF );
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor