From c51f6177576d7e12614c64d316cf0b67addd17c9 Mon Sep 17 00:00:00 2001
From: Stef Walter <stefw@redhat.com>
Date: Thu, 13 Dec 2018 15:12:44 +0100
Subject: [PATCH] ws: Fix bug parsing invalid base64 headers
The len parameter to g_base64_decode_inplace() is an inout
parameter, and needs to be initialized. Let's just use
the simpler g_base64_decode() function. This fixes a segfault.
Closes #10819
---
src/ws/cockpitauth.c | 13 ++++++++-----
src/ws/test-auth.c | 6 ++++++
2 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/src/ws/cockpitauth.c b/src/ws/cockpitauth.c
index 474e13c..963f7a7 100644
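--- a/src/ws/cockpitauth.c
+++ b/src/ws/cockpitauth.c
@@ -1159,16 +1159,19 @@ cockpit_auth_class_init (CockpitAuthClass *klass)
 cockpit_authorize_logger (authorize_logger, 0);
 }
 
-static char *
+static gchar *
 base64_decode_string (const char *enc)
 {
+ gchar *dec;
+ gsize len;
+
 if (enc == NULL)
 return NULL;
 
- char *dec = g_strdup (enc);
- gsize len;
- g_base64_decode_inplace (dec, &len);
- dec[len] = '\0';
+ dec = (gchar *)g_base64_decode (enc, &len);
+ if (dec)
+ dec[len] = '\0';
+
 return dec;
 }
 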
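Review bot: The write `dec[len] = '\0';` in base64_decode_string() is in bounds only if g_base64_decode() returns a buffer with at least one spare byte after the `len` decoded bytes, and nothing in this hunk establishes that; GLib documents the returned data as not necessarily zero-terminated, so this appears to rely on an allocation detail. Copying into an explicitly sized string removes the assumption: `str = g_strndup ((const gchar *)raw, len);`, `g_free (raw);`, `return str;`. The value being decoded comes from a request header, and the decoder skips characters it does not recognise rather than reporting an error, so callers (outside this hunk) should treat an empty or short result as a failed authentication. A short comment above the function stating that the result is NUL-terminated, may read as truncated if the decoded bytes contain a NUL, and must be released with g_free() would make that contract explicit.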
diff --git a/src/ws/test-auth.c b/src/ws/test-auth.c
index 6f84b01..57d9462 100644
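--- a/src/ws/test-auth.c
+++ b/src/ws/test-auth.c
@@ -286,6 +286,12 @@ test_headers_bad (Test *test,
 if (cockpit_auth_check_cookie (test->auth, "/cockpit", headers))
 g_assert_not_reached ();
 
+ /* Bad encoding */
+ g_hash_table_remove_all (headers);
+ g_hash_table_insert (headers, g_strdup ("Cookie"), g_strdup ("cockpit=d"));
+ if (cockpit_auth_check_cookie (test->auth, "/cockpit", headers))
+ g_assert_not_reached ();
+
 g_hash_table_destroy (headers);
 }
 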
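Review bot: The new "Bad encoding" case in test_headers_bad() does not say why `cockpit=d` is malformed or that it guards against the crash this commit fixes; a comment such as `/* Bad encoding: a lone base64 character is not a complete group; this used to crash base64_decode_string() */` would keep that intent visible. As written, the assertion only proves the cookie is rejected, so a recurrence of the invalid write would most likely be caught only when the test runs under a memory checker such as valgrind or AddressSanitizer. The body of test_headers_bad() starts outside this hunk.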
--
2.19.1