[mod_auth] Fix signedness error in http_auth (fixes #2370, CVE-2011-4362)

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2806 152afb58-edef-0310-8abb-c4023f1b3aa9
12 years ago · 6c9dff7cda
parent f15ee9becb
commit 6c9dff7cda
3 changed files with 11 additions and 2 deletions
--- a/1
+++ b/1
@ -10,6 +10,7 @@ NEWS
  * Add static-file.disable-pathinfo option to prevent handling of urls like .../secret.php/image.jpg as static file
  * Don't overwrite 401 (auth required) with 501 (unknown method) (fixes #2341)
  * Fix mod_status bug: always showed "0/0" in the "Read" column for uploads (fixes #2351)
+  * [mod_auth] Fix signedness error in http_auth (fixes #2370, CVE-2011-4362)

 - 1.4.29 - 2011-07-03
  * Fix mod_proxy waiting for response even if content-length is 0 (fixes #2259)
--- a/src/http_auth.c
+++ b/src/http_auth.c
@ -99,7 +99,7 @@ static unsigned char * base64_decode(buffer *out, const char *in) {
 	ch = in[0];
 	/* run through the whole string, converting as we go */
 	for (i = 0; i < in_len; i++) {
-		ch = in[i];
+		ch = (unsigned char) in[i];

 		if (ch == '\0') break;

--- a/tests/mod-auth.t
+++ b/tests/mod-auth.t
@ -8,7 +8,7 @@ BEGIN {

 use strict;
 use IO::Socket;
-use Test::More tests => 14;
+use Test::More tests => 15;
 use LightyTest;

 my $tf = LightyTest->new();
@ -23,6 +23,14 @@ EOF
 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
 ok($tf->handle_http($t) == 0, 'Missing Auth-token');

+$t->{REQUEST}  = ( <<EOF
+GET /server-status HTTP/1.0
+Authorization: Basic \x80mFuOmphb
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
+ok($tf->handle_http($t) == 0, 'Basic-Auth: Invalid base64 Auth-token');
+
 $t->{REQUEST}  = ( <<EOF
 GET /server-status HTTP/1.0
 Authorization: Basic amFuOmphb