Skip to content
Permalink
Browse files Browse the repository at this point in the history
ws: Fix bug parsing invalid base64 headers
The len parameter to g_base64_decode_inplace() is a inout
parameter, and needs to be initialized. Lets just use
the simpler g_base64_decode() function. This fixes a segfault.

Closes #10819
  • Loading branch information
stefwalter authored and martinpitt committed Dec 13, 2018
1 parent ef26461 commit c51f617
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 5 deletions.
13 changes: 8 additions & 5 deletions src/ws/cockpitauth.c
Expand Up @@ -1190,16 +1190,19 @@ cockpit_auth_class_init (CockpitAuthClass *klass)
cockpit_authorize_logger (authorize_logger, 0);
}

static char *
static gchar *
base64_decode_string (const char *enc)
{
gchar *dec;
gsize len;

if (enc == NULL)
return NULL;

char *dec = g_strdup (enc);
gsize len;
g_base64_decode_inplace (dec, &len);
dec[len] = '\0';
dec = (gchar *)g_base64_decode (enc, &len);
if (dec)
dec[len] = '\0';

return dec;
}

Expand Down
6 changes: 6 additions & 0 deletions src/ws/test-auth.c
Expand Up @@ -286,6 +286,12 @@ test_headers_bad (Test *test,
if (cockpit_auth_check_cookie (test->auth, "/cockpit", headers))
g_assert_not_reached ();

/* Bad encoding */
g_hash_table_remove_all (headers);
g_hash_table_insert (headers, g_strdup ("Cookie"), g_strdup ("cockpit=d"));
if (cockpit_auth_check_cookie (test->auth, "/cockpit", headers))
g_assert_not_reached ();

g_hash_table_destroy (headers);
}

Expand Down

0 comments on commit c51f617

Please sign in to comment.