From: Luigi Gangitano <luigi@debian.org>
Date: Wed, 28 Jan 2015 12:30:04 +0100
Subject: squid-3.4-13211.patch Fixes minor security issue in digest
authentication nonce indefinite rollover
---
src/auth/digest/UserRequest.cc | 12 ++++++++----
src/auth/digest/auth_digest.cc | 7 +------
2 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/src/auth/digest/UserRequest.cc b/src/auth/digest/UserRequest.cc
index 9107d73..011f109 100644
--- a/src/auth/digest/UserRequest.cc
+++ b/src/auth/digest/UserRequest.cc
@@ -152,10 +152,14 @@ Auth::Digest::UserRequest::authenticate(HttpRequest * request, ConnStateData * c
}
/* check for stale nonce */
- if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc)) {
- debugs(29, 3, "user '" << auth_user->username() << "' validated OK but nonce stale");
- auth_user->credentials(Auth::Handshake);
- digest_request->setDenyMessage("Stale nonce");
+ /* check Auth::Pending to avoid loop */
+
+ if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc) && user()->credentials() != Auth::Pending) {
+ debugs(29, 3, auth_user->username() << "' validated OK but nonce stale: " << digest_request->nonceb64);
+ /* Pending prevent banner and makes a ldap control */
+ auth_user->credentials(Auth::Pending);
+ nonce->flags.valid = false;
+ authDigestNoncePurge(nonce);
return;
}
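Review bot: `nonce` on the two new lines `nonce->flags.valid = false;` and `authDigestNoncePurge(nonce);` is not declared anywhere in the visible hunk, while the condition two lines above uses `digest_request->nonce`; unless a local `nonce` is introduced in the context lines this hunk omits, the code either does not compile or dereferences a pointer that was never null-checked here, so `digest_request->nonce->flags.valid = false;` and `authDigestNoncePurge(digest_request->nonce);` (or an explicit, checked local) would be safer and easier to read. The rewritten debugs call also dropped its opening quote, so the log reads `alice' validated OK but nonce stale`; restoring `"user '" << auth_user->username() << "' validated OK but nonce stale: " << digest_request->nonceb64` keeps the message well-formed. The added comment `/* Pending prevent banner and makes a ldap control */` does not explain the state change; suggest `/* Pending, not Handshake: the stale nonce is invalidated and purged below so the client receives a fresh challenge, and Pending stops this branch from re-entering (decode() in auth_digest.cc no longer performs its own stale check) */`, and it is worth confirming that the stale re-challenge is still sent now that `setDenyMessage("Stale nonce")` is gone. authenticate()'s body continues outside the hunk.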
diff --git a/src/auth/digest/auth_digest.cc b/src/auth/digest/auth_digest.cc
index 7cc3276..610f547 100644
--- a/src/auth/digest/auth_digest.cc
+++ b/src/auth/digest/auth_digest.cc
@@ -1038,12 +1038,7 @@ Auth::Digest::Config::decode(char const *proxy_auth)
debugs(29, 2, "Username for the nonce does not equal the username for the request");
nonce = NULL;
}
- /* check for stale nonce */
- if (authDigestNonceIsStale(nonce)) {
- debugs(29, 3, "The received nonce is stale from " << username);
- digest_request->setDenyMessage("Stale nonce");
- nonce = NULL;
- }
+
if (!nonce) {
/* we couldn't find a matching nonce! */
debugs(29, 2, "Unexpected or invalid nonce received from " << username);