decode_pub_auth() assumes that base64_decode_update() 0-terminates its output, but, AFAICT, that assumption is wrong, and my quick-and-dirty gdb tests appear to confirm my suspicion. If I am right, then the strtok() call below (or similar calls after it) may access unallocated/random memory:

    base64_decode_update(&ctx, &decodedLen, buf, ...)
    /* parse ( a lot of memory leaks, but that is cachemgr style :) */
    host_name = strtok(buf, "|");
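The failure mode described in the report, as an added C example that is not Squid's or nettle's code: decode_update_no_nul() is a hypothetical stand-in for a streaming base64 decoder that writes only the decoded bytes and never appends a NUL, and second_field_len() mirrors the quoted fragment (decode into a buffer, then strtok() on "|") once without a terminator and once with the bounds-checked terminator the report implies is missing. The buffer is pre-filled with 'X' to stand in for stale memory, and the input token is constructed for the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for a streaming base64 decoder with the property the report
 * describes: it writes exactly the decoded bytes into dst, reports their
 * count in *dst_len, and never appends a NUL. Hypothetical name; this is
 * not nettle's base64_decode_update() and not Squid's code. Returns 1 on
 * success, 0 on an invalid character. Ignores '=' padding and stops there. */
static int decode_update_no_nul(size_t *dst_len, uint8_t *dst,
                                size_t src_len, const char *src)
{
    unsigned acc = 0;
    int bits = 0;
    size_t n = 0;

    for (size_t i = 0; i < src_len && src[i] != '='; i++) {
        int v;
        char c = src[i];
        if (c >= 'A' && c <= 'Z')      v = c - 'A';
        else if (c >= 'a' && c <= 'z') v = c - 'a' + 26;
        else if (c >= '0' && c <= '9') v = c - '0' + 52;
        else if (c == '+')             v = 62;
        else if (c == '/')             v = 63;
        else                           return 0;

        acc = (acc << 6) | (unsigned)v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            dst[n++] = (uint8_t)(acc >> bits);
            acc &= (1u << bits) - 1u;
        }
    }
    *dst_len = n;            /* no dst[n] = '\0' here, by design */
    return 1;
}

/* Decodes b64 into a fixed buffer and tokenises it on '|' the way the
 * quoted decode_pub_auth() fragment does. With terminate == 0 it mirrors
 * the reported bug; with terminate != 0 it applies the fix (bounds-check,
 * then NUL-terminate at decodedLen before calling strtok). Copies the
 * second token into `second` when a buffer is given and returns its
 * length, or (size_t)-1 on failure. */
static size_t second_field_len(const char *b64, int terminate,
                               char *second, size_t second_sz)
{
    char buf[32];
    size_t decodedLen = 0;
    size_t srcLen = strlen(b64);

    /* Upper bound on decoded size, so the decoder cannot overrun buf. */
    if ((srcLen * 3 + 3) / 4 > sizeof buf)
        return (size_t)-1;

    /* Simulate stale memory: no NUL anywhere except a sentinel in the last
     * byte, which exists only so this demo cannot read past its own array.
     * The real program has no such bound. */
    memset(buf, 'X', sizeof buf);
    buf[sizeof buf - 1] = '\0';

    if (!decode_update_no_nul(&decodedLen, (uint8_t *)buf, srcLen, b64))
        return (size_t)-1;

    if (terminate) {
        if (decodedLen >= sizeof buf)   /* leave room for the terminator */
            return (size_t)-1;
        buf[decodedLen] = '\0';
    }

    char *host = strtok(buf, "|");
    char *rest = host ? strtok(NULL, "|") : NULL;
    if (!rest)
        return (size_t)-1;

    if (second && second_sz)
        snprintf(second, second_sz, "%s", rest);
    return strlen(rest);
}

int main(void)
{
    /* Constructed input: base64 of "host|123". */
    const char *token = "aG9zdHwxMjM=";
    char out[64];

    size_t n = second_field_len(token, 0, out, sizeof out);
    printf("without terminator: second field = \"%s\" (%zu bytes)\n", out, n);

    n = second_field_len(token, 1, out, sizeof out);
    printf("with terminator:    second field = \"%s\" (%zu bytes)\n", out, n);
    return 0;
}
```

Without the terminator the second strtok() call keeps scanning past the 8 decoded bytes into whatever follows them (here the 'X' filler, in the real program arbitrary heap contents), so the "123" field comes back 26 bytes long; with `buf[decodedLen] = '\0'` written first, after checking that decodedLen leaves room for it, the field is the expected 3 bytes.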
PR https://github.com/squid-cache/squid/pull/407 opened for this.
Fix applied to v5 and v4.