author | stbuehler <stbuehler@152afb58-edef-0310-8abb-c4023f1b3aa9> | 2011-11-29 22:27:23 +0000 |
committer | stbuehler <stbuehler@152afb58-edef-0310-8abb-c4023f1b3aa9> | 2011-11-29 22:27:23 +0000 |
commit | d040b7dc5cfd836bf83aeb04a1dfc2f59902dacc (patch) | |
tree | 45fab279e0a575ad51a9c0352101e9a31df5bf38 | |
parent | 0d944e0d0f2d02f3fdf37b05e12251e42c11f6d8 (diff) | |
download | lighttpd-d040b7dc5cfd836bf83aeb04a1dfc2f59902dacc.tar.gz |
[mod_auth] Fix signedness error in http_auth (fixes #2370, CVE-2011-4362)
git-svn-id: svn://svn.lighttpd.net/lighttpd/trunk@2807 152afb58-edef-0310-8abb-c4023f1b3aa9
-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | src/http_auth.c | 2 | ||||
-rwxr-xr-x | tests/mod-auth.t | 10 |
3 files changed, 11 insertions, 2 deletions
@@ -170,6 +170,7 @@ NEWS * Read hostname from absolute https:// uris in the request line (patch by Adrian Schröter <adrian@suse.de>) * [ssl/md5] prefix our own md5 implementation with li_ so it doesn't conflict with the openssl one (fixes #2269) * Enable linux-aio-sendfile for testing in autotools too + * [mod_auth] Fix signedness error in http_auth (fixes #2370, CVE-2011-4362) - 1.5.0-r19.. - * -F option added for spawn-fcgi diff --git a/src/http_auth.c b/src/http_auth.c index 70767139..2d6180e2 100644 --- a/src/http_auth.c +++ b/src/http_auth.c @@ -104,7 +104,7 @@ static unsigned char * base64_decode(buffer *out, const char *in) { ch = in[0]; /* run through the whole string, converting as we go */ for (i = 0; i < in_len; i++) { - ch = in[i]; + ch = (unsigned char) in[i]; if (ch == '\0') break; diff --git a/tests/mod-auth.t b/tests/mod-auth.t index 69efa0aa..6e5d5893 100755 --- a/tests/mod-auth.t +++ b/tests/mod-auth.t @@ -8,7 +8,7 @@ BEGIN { use strict; use IO::Socket; -use Test::More tests => 13; +use Test::More tests => 14; use LightyTest; my $tf = LightyTest->new(); @@ -25,6 +25,14 @@ ok($tf->handle_http($t) == 0, 'Missing Auth-token'); $t->{REQUEST} = ( <<EOF GET /server-status HTTP/1.0 +Authorization: Basic \x80mFuOmphb +EOF + ); +$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ]; +ok($tf->handle_http($t) == 0, 'Basic-Auth: Invalid base64 Auth-token'); + +$t->{REQUEST} = ( <<EOF +GET /server-status HTTP/1.0 Authorization: Basic amFuOmphb EOF ); |
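Review bot: The cast in `ch = (unsigned char) in[i];` only keeps bytes >= 0x80 non-negative if `ch` is wider than `char` (e.g. `int`); the declaration of `ch` is outside this hunk, so if it is a plain `char` the value converts straight back to a signed char on assignment and the fix is a no-op — worth confirming against the declaration. The earlier `ch = in[0];` three lines up keeps the old signed read; it is overwritten by the loop's first iteration on any non-empty input, so either drop it or make it `ch = (unsigned char) in[0];` for consistency. A more durable variant is to read through an unsigned pointer so every byte of `in` is unsigned at the source, e.g. `const unsigned char *p = (const unsigned char *) in;` and `ch = p[i];`. base64_decode's body continues past the hunk; the lines that consume `ch` (including whatever lookup the CVE concerns) are not visible here.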
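Review bot: The new case only asserts a 401, which is presumably also what a well-formed token for an unknown user produces, so the check cannot tell a rejected malformed token from a successful decode of garbage; it catches the out-of-bounds read only when the suite runs under a memory checker. Consider a second request that puts the high-bit byte at the end and uses the extreme value, `Authorization: Basic amFuOmphb\xff`, since an index of -1 and of -128 exercise different offsets. Note that `\x80` is interpolated inside the unquoted `<<EOF` heredoc, so the bytes on the wire do contain 0x80 as intended.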