Bug 4937 - cachemgr.cgi: unallocated memory access after base64_decode_update
Status: RESOLVED FIXED
Alias: None
Product: Squid
Classification: Unclassified
Component: tools: cachemgr.cgi
Version: 4
Hardware: All All
Importance: P5 normal
Assignee: SQUID BUGS ALIAS
Reported: 2019-04-10 21:13 UTC by Alex Rousskov
Modified: 2019-06-13 10:49 UTC
Fixed Versions: 4.8
Description Alex Rousskov 2019-04-10 21:13:50 UTC
decode_pub_auth() assumes that base64_decode_update() 0-terminates its output, but, AFAICT, that assumption is wrong, and my quick-and-dirty gdb tests appear to confirm my suspicion. If I am right, then the strtok() call below (or similar calls after it) may access unallocated/random memory:

    base64_decode_update(&ctx, &decodedLen, buf, ...)

    /* parse ( a lot of memory leaks, but that is cachemgr style :) */
    host_name = strtok(buf, "|");
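
Added example, not part of the original report and not Squid's code: one way to remove the assumption described above is to write the terminator at the reported decoded length before any string function touches the buffer. `demo_b64_decode` and `first_field` are hypothetical names; the decoder is a constructed stand-in that, like the call in the report, writes only the decoded bytes.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in decoder (not Squid's): like the call in the report, it
 * writes only decoded bytes and reports their count, never a trailing NUL.
 * Returns 1 on success, 0 on a character outside the base64 alphabet. */
static int demo_b64_decode(const char *src, size_t srcLen,
                           unsigned char *dst, size_t *dstLen)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    unsigned int acc = 0, bits = 0;
    size_t n = 0;

    for (size_t i = 0; i < srcLen && src[i] != '='; ++i) {
        const char *p = src[i] ? strchr(tbl, src[i]) : NULL;
        if (!p)
            return 0;
        acc = (acc << 6) | (unsigned int)(p - tbl);
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            dst[n++] = (unsigned char)(acc >> bits);
            acc &= (1u << bits) - 1u; /* keep only the leftover bits */
        }
    }
    *dstLen = n;
    return 1;
}

/* Decode auth into buf (capacity cap) and return the first '|'-separated
 * field, or NULL on malformed input or when the output plus NUL cannot fit. */
static char *first_field(const char *auth, char *buf, size_t cap)
{
    size_t srcLen = strlen(auth), decodedLen = 0;

    /* At most 3 bytes per 4 input characters; keep one byte for the NUL. */
    if (cap == 0 || (srcLen / 4 + 1) * 3 > cap - 1)
        return NULL;
    if (!demo_b64_decode(auth, srcLen, (unsigned char *)buf, &decodedLen))
        return NULL;
    buf[decodedLen] = '\0'; /* terminate explicitly before any str*() call */
    return strtok(buf, "|");
}
```

Pre-filling the buffer with a non-zero byte before the call makes a missing terminator visible in testing, because the last token then no longer ends where the decoded data ends.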
Comment 1 Amos Jeffries 2019-05-18 09:48:56 UTC
PR https://github.com/squid-cache/squid/pull/407 opened for this.
Comment 2 Amos Jeffries 2019-06-13 10:48:28 UTC
Fix applied to v5 and v4
Comment 3 Amos Jeffries 2019-06-13 10:49:04 UTC
.