
[mod_auth] Fix signedness error in http_auth (fixes #2370, CVE-2011-4362)

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2806 152afb58-edef-0310-8abb-c4023f1b3aa9
svn/tags/lighttpd-1.4.30
Stefan Bühler 10 years ago
parent
commit
6c9dff7cda
  1. 1
      NEWS
  2. 2
      src/http_auth.c
  3. 10
      tests/mod-auth.t

1
NEWS

@ -10,6 +10,7 @@ NEWS
* Add static-file.disable-pathinfo option to prevent handling of urls like .../secret.php/image.jpg as static file
* Don't overwrite 401 (auth required) with 501 (unknown method) (fixes #2341)
* Fix mod_status bug: always showed "0/0" in the "Read" column for uploads (fixes #2351)
* [mod_auth] Fix signedness error in http_auth (fixes #2370, CVE-2011-4362)
- 1.4.29 - 2011-07-03
* Fix mod_proxy waiting for response even if content-length is 0 (fixes #2259)

2
src/http_auth.c

@ -99,7 +99,7 @@ static unsigned char * base64_decode(buffer *out, const char *in) {
ch = in[0];
/* run through the whole string, converting as we go */
for (i = 0; i < in_len; i++) {
ch = in[i];
ch = (unsigned char) in[i];
if (ch == '\0') break;
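Review bot: The cast on the new `ch = (unsigned char) in[i];` line fixes the loop body, but the `ch = in[0];` assignment on the hunk's first context line still stores the plain `char` value; as far as the hunk shows it is overwritten on the first iteration and so looks dead rather than dangerous, but for consistency it should either get the same cast or be removed. The reason for the cast is not visible from the line itself and a later cleanup could drop it, so a short comment would help, e.g. `/* cast: char may be signed; a byte >= 0x80 must not become a negative index */`. The declaration of `ch` and the table lookup this presumably protects are outside the hunk, so this is inferred from the commit title. base64_decode starts and ends outside the hunk.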

10
tests/mod-auth.t

@ -8,7 +8,7 @@ BEGIN {
use strict;
use IO::Socket;
use Test::More tests => 14;
use Test::More tests => 15;
use LightyTest;
my $tf = LightyTest->new();
@ -23,6 +23,14 @@ EOF
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
ok($tf->handle_http($t) == 0, 'Missing Auth-token');
$t->{REQUEST} = ( <<EOF
GET /server-status HTTP/1.0
Authorization: Basic \x80mFuOmphb
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
ok($tf->handle_http($t) == 0, 'Basic-Auth: Invalid base64 Auth-token');
$t->{REQUEST} = ( <<EOF
GET /server-status HTTP/1.0
Authorization: Basic amFuOmphb
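Review bot: The new request block starting at `$t->{REQUEST} = ( <<EOF` depends on the unquoted heredoc interpolating `\x80` into the single raw byte 0x80, which is exactly what this regression needs, but nothing in the hunk says so; a single-quoted `<<'EOF'` would send the four characters `\x80` literally and the test would silently stop covering the fix. A comment above the block would pin this down, e.g. `# Regression for #2370 / CVE-2011-4362: a high-bit byte in the token must yield 401, not crash the decoder (heredoc must interpolate so \x80 is a raw byte).` The check `ok($tf->handle_http($t) == 0, ...)` matches the file's existing style, though `is($tf->handle_http($t), 0, ...)` would print the actual value on failure. The hunk header counts more lines than the page shows, so some context (likely blank lines) appears to have been dropped by the renderer.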
