=== modified file 'helpers/negotiate_auth/kerberos/Makefile.am' --- helpers/negotiate_auth/kerberos/Makefile.am 2010-08-13 12:05:25 +0000 +++ helpers/negotiate_auth/kerberos/Makefile.am 2011-04-16 15:24:58 +0000 @@ -5,17 +5,22 @@ libexec_PROGRAMS = negotiate_kerberos_auth negotiate_kerberos_auth_test -SOURCE = negotiate_kerberos_auth.cc base64.cc base64.h -SOURCE_test = negotiate_kerberos_auth_test.cc base64.cc base64.h - -negotiate_kerberos_auth_SOURCES = $(SOURCE) AM_CPPFLAGS = $(INCLUDES) -I$(srcdir) -negotiate_kerberos_auth_test_SOURCES = $(SOURCE_test) - - + +negotiate_kerberos_auth_SOURCES = negotiate_kerberos_auth.cc negotiate_kerberos_auth_LDFLAGS = -negotiate_kerberos_auth_LDADD = $(COMPAT_LIB) $(XTRA_LIBS) $(KRB5LIBS) +negotiate_kerberos_auth_LDADD = \ + $(top_builddir)/lib/libmiscencoding.la \ + $(COMPAT_LIB) \ + $(KRB5LIBS) \ + $(XTRA_LIBS) + +negotiate_kerberos_auth_test_SOURCES = negotiate_kerberos_auth_test.cc negotiate_kerberos_auth_test_LDFLAGS = -negotiate_kerberos_auth_test_LDADD = $(COMPAT_LIB) $(XTRA_LIBS) $(KRB5LIBS) +negotiate_kerberos_auth_test_LDADD = \ + $(top_builddir)/lib/libmiscencoding.la \ + $(COMPAT_LIB) \ + $(KRB5LIBS) \ + $(XTRA_LIBS) man_MANS = negotiate_kerberos_auth.8 === removed file 'helpers/negotiate_auth/kerberos/base64.cc' --- helpers/negotiate_auth/kerberos/base64.cc 2010-11-20 11:31:38 +0000 +++ helpers/negotiate_auth/kerberos/base64.cc 1970-01-01 00:00:00 +0000 @@ -1,161 +0,0 @@ -/* - * Markus Moeller has modified the following code from Squid - */ - -#include "config.h" -#include "base64.h" -#include -#include -#include - - -static void ska_base64_init(void); - -static int base64_initialized = 0; -#define BASE64_VALUE_SZ 256 -int base64_value[BASE64_VALUE_SZ]; -const char base64_code[] = - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; - - -static void -ska_base64_init(void) -{ - int i; - - for (i = 0; i < BASE64_VALUE_SZ; i++) - base64_value[i] = -1; - - for (i = 0; i < 64; i++) - base64_value[(int) base64_code[i]] = i; - base64_value[(int) '='] = 0; - - base64_initialized = 1; -} - -void -ska_base64_decode(char *result, const char *data, int result_size) -{ - int j; - int c; - long val; - if (!data) - return; - if (!base64_initialized) - ska_base64_init(); - val = c = 0; - - for (j = 0; *data; data++) { - unsigned int k = ((unsigned char) *data) % BASE64_VALUE_SZ; - if (base64_value[k] < 0) - continue; - val <<= 6; - val += base64_value[k]; - if (++c < 4) - continue; - /* One quantum of four encoding characters/24 bit */ - if (j >= result_size) - break; - result[j++] = val >> 16; /* High 8 bits */ - if (j >= result_size) - break; - result[j++] = (val >> 8) & 0xff; /* Mid 8 bits */ - if (j >= result_size) - break; - result[j++] = val & 0xff; /* Low 8 bits */ - val = c = 0; - } - return; -} - -/* adopted from http://ftp.sunet.se/pub2/gnu/vm/base64-encode.c with adjustments */ -void -ska_base64_encode(char *result, const char *data, int result_size, - int data_size) -{ - int bits = 0; - int char_count = 0; - int out_cnt = 0; - - if (!data) - return; - - if (!base64_initialized) - ska_base64_init(); - - while (data_size--) { - int c = (unsigned char) *data++; - bits += c; - char_count++; - if (char_count == 3) { - if (out_cnt >= result_size) - break; - result[out_cnt++] = base64_code[bits >> 18]; - if (out_cnt >= result_size) - break; - result[out_cnt++] = base64_code[(bits >> 12) & 0x3f]; - if (out_cnt >= result_size) - break; - result[out_cnt++] = base64_code[(bits >> 6) & 0x3f]; - if (out_cnt >= result_size) - break; - result[out_cnt++] = base64_code[bits & 0x3f]; - bits = 0; - char_count = 0; - } else { - bits <<= 8; - } - } - if (char_count != 0) { - bits <<= 16 - (8 * char_count); - if (out_cnt >= result_size) - goto end; - result[out_cnt++] = base64_code[bits >> 18]; - if (out_cnt >= result_size) - goto end; - result[out_cnt++] = base64_code[(bits >> 12) & 0x3f]; - if (char_count == 1) { - if (out_cnt >= result_size) - goto end; - result[out_cnt++] = '='; - if (out_cnt >= result_size) - goto end; - result[out_cnt++] = '='; - } else { - if (out_cnt >= result_size) - goto end; - result[out_cnt++] = base64_code[(bits >> 6) & 0x3f]; - if (out_cnt >= result_size) - goto end; - result[out_cnt++] = '='; - } - } -end: - if (out_cnt >= result_size) { - result[result_size - 1] = '\0'; /* terminate */ - } else { - result[out_cnt] = '\0'; /* terminate */ - } - return; -} - -int -ska_base64_encode_len(int len) -{ - return ((len + 2) / 3 * 4) + 1; -} - -int -ska_base64_decode_len(const char *data) -{ - int i, j; - - j = 0; - for (i = strlen(data) - 1; i >= 0; i--) { - if (data[i] == '=') - j++; - if (data[i] != '=') - break; - } - return strlen(data) / 4 * 3 - j; -} === removed file 'helpers/negotiate_auth/kerberos/base64.h' --- helpers/negotiate_auth/kerberos/base64.h 2010-08-14 00:12:49 +0000 +++ helpers/negotiate_auth/kerberos/base64.h 1970-01-01 00:00:00 +0000 @@ -1,10 +0,0 @@ -/* - * Markus Moeller has modified the following code from Squid - */ - -void ska_base64_decode(char *result, const char *data, int result_size); -void ska_base64_encode(char *result, const char *data, int result_size, - int data_size); - -int ska_base64_encode_len(int len); -int ska_base64_decode_len(const char *data); === modified file 'helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc' --- helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc 2011-03-14 06:15:51 +0000 +++ helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc 2011-04-20 13:46:46 +0000 @@ -374,13 +374,12 @@ fprintf(stdout, "BH Invalid negotiate request\n"); continue; } - input_token.length = ska_base64_decode_len(buf + 3); + input_token.length = base64_decode_len(buf + 3); debug((char *) "%s| %s: DEBUG: Decode '%s' (decoded length: %d).\n", LogTime(), PROGRAM, buf + 3, (int) input_token.length); input_token.value = xmalloc(input_token.length); - ska_base64_decode((char *) input_token.value, buf + 3, input_token.length); - + base64_decode((char *) input_token.value, buf + 3, input_token.length); if ((input_token.length >= sizeof ntlmProtocol + 1) && (!memcmp(input_token.value, ntlmProtocol, sizeof ntlmProtocol))) { @@ -427,14 +426,14 @@ if (output_token.length) { spnegoToken = (const unsigned char *) output_token.value; spnegoTokenLength = output_token.length; - token = (char *) xmalloc(ska_base64_encode_len(spnegoTokenLength)); + token = (char *) xmalloc(base64_encode_len(spnegoTokenLength)); if (token == NULL) { debug((char *) "%s| %s: ERROR: Not enough memory\n", LogTime(), PROGRAM); fprintf(stdout, "BH Not enough memory\n"); goto cleanup; } - ska_base64_encode(token, (const char *) spnegoToken, - ska_base64_encode_len(spnegoTokenLength), spnegoTokenLength); + base64_encode_str(token, (const char *) spnegoToken, + base64_encode_len(spnegoTokenLength), spnegoTokenLength); if (check_gss_err(major_status, minor_status, "gss_accept_sec_context()", log)) goto cleanup; === modified file 'helpers/negotiate_auth/kerberos/negotiate_kerberos_auth_test.cc' --- helpers/negotiate_auth/kerberos/negotiate_kerberos_auth_test.cc 2011-03-14 06:15:51 +0000 +++ helpers/negotiate_auth/kerberos/negotiate_kerberos_auth_test.cc 2011-04-20 13:45:51 +0000 @@ -196,9 +196,9 @@ goto cleanup; if (output_token.length) { - token = (char *) xmalloc(ska_base64_encode_len(output_token.length)); - ska_base64_encode(token, (const char *) output_token.value, - ska_base64_encode_len(output_token.length), output_token.length); + token = (char *) xmalloc(base64_encode_len(output_token.length)); + base64_encode_str(token, (const char *) output_token.value, + base64_encode_len(output_token.length), output_token.length); } cleanup: gss_delete_sec_context(&minor_status, &gss_context, NULL); === modified file 'helpers/negotiate_auth/wrapper/Makefile.am' --- helpers/negotiate_auth/wrapper/Makefile.am 2011-04-15 11:51:15 +0000 +++ helpers/negotiate_auth/wrapper/Makefile.am 2011-04-16 04:35:08 +0000 @@ -4,5 +4,8 @@ libexec_PROGRAMS = negotiate_wrapper_auth -negotiate_wrapper_auth_SOURCES = negotiate_wrapper.cc nw_base64.cc nw_base64.h -negotiate_wrapper_auth_LDADD = $(COMPAT_LIB) $(XTRA_LIBS) +negotiate_wrapper_auth_SOURCES = negotiate_wrapper.cc +negotiate_wrapper_auth_LDADD = \ + $(top_builddir)/lib/libmiscencoding.la \ + $(COMPAT_LIB) \ + $(XTRA_LIBS) === modified file 'helpers/negotiate_auth/wrapper/negotiate_wrapper.cc' --- helpers/negotiate_auth/wrapper/negotiate_wrapper.cc 2011-04-19 13:20:31 +0000 +++ helpers/negotiate_auth/wrapper/negotiate_wrapper.cc 2011-04-20 06:11:07 +0000 @@ -26,7 +26,7 @@ */ #include "config.h" -#include "nw_base64.h" +#include "base64.h" #if HAVE_STRING_H #include @@ -346,7 +346,7 @@ fprintf(stdout, "BH Invalid negotiate request\n"); continue; } - length = nw_base64_decode_len(buf + 3); + length = base64_decode_len(buf + 3); if (debug) fprintf(stderr, "%s| %s: Decode '%s' (decoded length: %d).\n", LogTime(), PROGRAM, buf + 3, (int) length); @@ -356,7 +356,7 @@ return 1; } - nw_base64_decode(token, buf + 3, length); + base64_decode(token, buf + 3, length); if ((static_cast(length) >= sizeof(ntlmProtocol) + 1) && (!memcmp(token, ntlmProtocol, sizeof ntlmProtocol))) { === removed file 'helpers/negotiate_auth/wrapper/nw_base64.cc' --- helpers/negotiate_auth/wrapper/nw_base64.cc 2011-04-16 14:43:18 +0000 +++ helpers/negotiate_auth/wrapper/nw_base64.cc 1970-01-01 00:00:00 +0000 @@ -1,83 +0,0 @@ -/* - * Markus Moeller has modified the following code from Squid - */ -#include "config.h" -#include "nw_base64.h" -#include -#include -#include - - -static void nw_base64_init(void); - -static int base64_initialized = 0; -#define BASE64_VALUE_SZ 256 -int base64_value[BASE64_VALUE_SZ]; -const char base64_code[] = - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; - - -static void -nw_base64_init(void) -{ - int i; - - for (i = 0; i < BASE64_VALUE_SZ; i++) - base64_value[i] = -1; - - for (i = 0; i < 64; i++) - base64_value[(int) base64_code[i]] = i; - base64_value[(int)'='] = 0; - - base64_initialized = 1; -} - -void -nw_base64_decode(char *result, const char *data, int result_size) -{ - int j; - int c; - long val; - if (!data) - return; - if (!base64_initialized) - nw_base64_init(); - val = c = 0; - - for (j = 0; *data; data++) { - unsigned int k = ((unsigned char) *data) % BASE64_VALUE_SZ; - if (base64_value[k] < 0) - continue; - val <<= 6; - val += base64_value[k]; - if (++c < 4) - continue; - /* One quantum of four encoding characters/24 bit */ - if (j >= result_size) - break; - result[j++] = val >> 16; /* High 8 bits */ - if (j >= result_size) - break; - result[j++] = (val >> 8) & 0xff; /* Mid 8 bits */ - if (j >= result_size) - break; - result[j++] = val & 0xff; /* Low 8 bits */ - val = c = 0; - } - return; -} - -int -nw_base64_decode_len(const char *data) -{ - int i, j; - - j = 0; - for (i = strlen(data) - 1; i >= 0; i--) { - if (data[i] == '=') - j++; - if (data[i] != '=') - break; - } - return strlen(data) / 4 * 3 - j; -} === removed file 'helpers/negotiate_auth/wrapper/nw_base64.h' --- helpers/negotiate_auth/wrapper/nw_base64.h 2011-04-15 11:51:15 +0000 +++ helpers/negotiate_auth/wrapper/nw_base64.h 1970-01-01 00:00:00 +0000 @@ -1,11 +0,0 @@ -#ifndef _NW_BASE64_H -#define _NW_BASE64_H - -/* - * Markus Moeller has modified the following code from Squid - */ - -void nw_base64_decode(char *result, const char *data, int result_size); -int nw_base64_decode_len(const char *data); - -#endif === modified file 'helpers/ntlm_auth/fake/ntlm_fake_auth.cc' --- helpers/ntlm_auth/fake/ntlm_fake_auth.cc 2011-01-25 21:30:11 +0000 +++ helpers/ntlm_auth/fake/ntlm_fake_auth.cc 2011-04-19 02:43:57 +0000 @@ -174,7 +174,7 @@ *p = '\0'; /* strip \n */ buflen = strlen(buf); /* keep this so we only scan the buffer for \0 once per loop */ if (buflen > 3) - packet = (ntlmhdr*)base64_decode(buf + 3); + packet = (ntlmhdr*)old_base64_decode(buf + 3); if (buflen > 3 && NTLM_packet_debug_enabled) { strncpy(helper_command, buf, 2); helper_command[2] = '\0'; === modified file 'helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc' --- helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc 2011-04-09 02:37:59 +0000 +++ helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc 2011-04-16 13:28:41 +0000 @@ -525,9 +525,9 @@ if (memcmp(buf, "KK ", 3) == 0) { /* authenticate-request */ /* figure out what we got */ - decoded = base64_decode(buf + 3); + decoded = old_base64_decode(buf + 3); /* Note: we don't need to manage memory at this point, since - * base64_decode returns a pointer to static storage. + * old_base64_decode returns a pointer to static storage. */ if (!decoded) { /* decoding failure, return error */ === modified file 'include/base64.h' --- include/base64.h 2010-11-02 00:12:43 +0000 +++ include/base64.h 2011-04-20 13:47:45 +0000 @@ -5,10 +5,53 @@ extern "C" { #endif - extern char *base64_decode(const char *coded); - extern const char *base64_encode(const char *decoded); + // Decoding functions + + /// Calculate the decoded length of a given nul-terminated blob. + /// NUL pointer and empty strings are accepted, result is zero. + /// Any return value <= zero means no decoded result can be produced. + extern int base64_decode_len(const char *data); + + /// Decode a base-64 encoded blob into a provided buffer. + /// Will not terminate the resulting string. + /// In-place decoding overlap is supported if result is equal or earlier that the source pointer. + /// + /// \return number of bytes filled in result. + extern int base64_decode(char *result, const char *p, unsigned int result_size); + + // Old decoder. Now a wrapper for the new. + // Output is presented in a static buffer which will only remain valid until next call. + // Ensures a nul-terminated result. Will always return non-NULL. + extern char *old_base64_decode(const char *coded); + + + // Encoding functions + + /// Calculate the buffer size required to hold the encoded form of a string of length 'len'. + extern int base64_encode_len(int len); + + /// Base-64 encode a string into a given buffer. + /// Will not terminate the resulting string. + /// \return the number of bytes filled in result. + extern int base64_encode(char *result, const char *data, int result_size, int data_size); + + /// Base-64 encode a string into a given buffer. + /// Will terminate the resulting string. + /// \return the number of bytes filled in result. Including the terminator. + extern int base64_encode_str(char *result, const char *data, int result_size, int data_size); + + /// Base-64 encode a binary array. + /// Output is presented in a static buffer which will only remain valid until next call. + /// Ensures a nul-terminated result. Will always return non-NULL. extern const char *base64_encode_bin(const char *data, int len); + // Old decoder. Now a wrapper for the new. + // Output is presented in a static buffer which will only remain valid until next call. + // Ensures a nul-terminated result. Will always return non-NULL. + // Will terminate the resulting string. + extern const char *old_base64_encode(const char *decoded); + + #ifdef __cplusplus } #endif === modified file 'lib/base64.c' --- lib/base64.c 2010-11-01 05:44:28 +0000 +++ lib/base64.c 2011-04-28 04:57:44 +0000 @@ -1,5 +1,10 @@ /* * $Id$ + * + * AUTHOR: Unknown + * AUTHOR: Markus Moeller + * + * Encoders adopted from http://ftp.sunet.se/pub2/gnu/vm/base64-encode.c with adjustments. */ #include "config.h" @@ -37,19 +42,49 @@ base64_initialized = 1; } +int +base64_decode_len(const char *data) +{ + int i, j; + + if (!data || !*data) + return 0; + + j = 0; + for (i = strlen(data) - 1; i >= 0; i--) { + if (data[i] == '=') + j++; + if (data[i] != '=') + break; + } + return strlen(data) / 4 * 3 - j; +} + +// old version. Wrapper for the new. char * -base64_decode(const char *p) +old_base64_decode(const char *p) { static char result[BASE64_RESULT_SZ]; - int j; - int c; - long val; + memset(result, '\0', sizeof(result)); if (!p) return NULL; + base64_decode(result, p, sizeof(result)); + result[BASE64_RESULT_SZ-1] = '\0'; + return result; +} + +int +base64_decode(char *result, const char *p, unsigned int result_size) +{ + int j = 0; + int c; + long val; + if (!p || !result || result_size == 0) + return j; if (!base64_initialized) base64_init(); val = c = 0; - for (j = 0; *p && j + 4 < BASE64_RESULT_SZ; p++) { + for (; *p; p++) { unsigned int k = ((unsigned char) *p) % BASE64_VALUE_SZ; if (base64_value[k] < 0) continue; @@ -58,39 +93,95 @@ if (++c < 4) continue; /* One quantum of four encoding characters/24 bit */ - result[j++] = (val >> 16) & 0xff; /* High 8 bits */ - result[j++] = (val >> 8) & 0xff; /* Mid 8 bits */ - result[j++] = val & 0xff; /* Low 8 bits */ + if (j+4 <= result_size) { + // Speed optimization: plenty of space, avoid some per-byte checks. + result[j++] = (val >> 16) & 0xff; /* High 8 bits */ + result[j++] = (val >> 8) & 0xff; /* Mid 8 bits */ + result[j++] = val & 0xff; /* Low 8 bits */ + } else { + // part-quantum goes a bit slower with per-byte checks + result[j++] = (val >> 16) & 0xff; /* High 8 bits */ + if (j == result_size) + return j; + result[j++] = (val >> 8) & 0xff; /* Mid 8 bits */ + if (j == result_size) + return j; + result[j++] = val & 0xff; /* Low 8 bits */ + } + if (j == result_size) + return j; val = c = 0; } - result[j] = 0; - return result; -} - -/* adopted from http://ftp.sunet.se/pub2/gnu/vm/base64-encode.c with adjustments */ + return j; +} + +int +base64_encode_len(int len) +{ + return ((len + 2) / 3 * 4) + 1; +} + const char * -base64_encode(const char *decoded_str) +old_base64_encode(const char *decoded_str) { static char result[BASE64_RESULT_SZ]; + base64_encode_str(result, decoded_str, sizeof(result), strlen(decoded_str)); + return result; +} + +int +base64_encode_str(char *result, const char *data, int result_size, int data_size) +{ + int used = base64_encode(result, data, result_size, data_size); + /* terminate */ + if (used >= result_size) { + result[result_size - 1] = '\0'; + return result_size; + } else { + result[used++] = '\0'; + } + return used; +} + +/* adopted from http://ftp.sunet.se/pub2/gnu/vm/base64-encode.c with adjustments */ +int +base64_encode(char *result, const char *data, int result_size, int data_size) +{ int bits = 0; int char_count = 0; int out_cnt = 0; - int c; - if (!decoded_str) - return decoded_str; + if (!data || !*data || !result || result_size < 1 || data_size < 1) + return 0; if (!base64_initialized) base64_init(); - while ((c = (unsigned char) *decoded_str++) && out_cnt < sizeof(result) - 5) { + while (data_size--) { + int c = (unsigned char) *data++; bits += c; char_count++; if (char_count == 3) { - result[out_cnt++] = base64_code[bits >> 18]; - result[out_cnt++] = base64_code[(bits >> 12) & 0x3f]; - result[out_cnt++] = base64_code[(bits >> 6) & 0x3f]; - result[out_cnt++] = base64_code[bits & 0x3f]; + if (out_cnt >= result_size) + break; + if (out_cnt+4 <= result_size) { + result[out_cnt++] = base64_code[bits >> 18]; + result[out_cnt++] = base64_code[(bits >> 12) & 0x3f]; + result[out_cnt++] = base64_code[(bits >> 6) & 0x3f]; + result[out_cnt++] = base64_code[bits & 0x3f]; + } else { + // part-quantum goes a bit slower with per-byte checks + result[out_cnt++] = base64_code[bits >> 18]; + if (out_cnt >= result_size) + break; + result[out_cnt++] = base64_code[(bits >> 12) & 0x3f]; + if (out_cnt >= result_size) + break; + result[out_cnt++] = base64_code[(bits >> 6) & 0x3f]; + if (out_cnt >= result_size) + break; + result[out_cnt++] = base64_code[bits & 0x3f]; + } bits = 0; char_count = 0; } else { @@ -99,18 +190,29 @@ } if (char_count != 0) { bits <<= 16 - (8 * char_count); + if (out_cnt >= result_size) + return result_size; result[out_cnt++] = base64_code[bits >> 18]; + if (out_cnt >= result_size) + return result_size; result[out_cnt++] = base64_code[(bits >> 12) & 0x3f]; if (char_count == 1) { + if (out_cnt >= result_size) + return result_size; result[out_cnt++] = '='; + if (out_cnt >= result_size) + return result_size; result[out_cnt++] = '='; } else { + if (out_cnt >= result_size) + return result_size; result[out_cnt++] = base64_code[(bits >> 6) & 0x3f]; + if (out_cnt >= result_size) + return result_size; result[out_cnt++] = '='; } } - result[out_cnt] = '\0'; /* terminate */ - return result; + return (out_cnt >= result_size?result_size:out_cnt); } /* adopted from http://ftp.sunet.se/pub2/gnu/vm/base64-encode.c with adjustments */ === modified file 'src/HttpHeader.cc' --- src/HttpHeader.cc 2011-03-22 12:23:25 +0000 +++ src/HttpHeader.cc 2011-04-16 13:25:52 +0000 @@ -1414,7 +1414,7 @@ if (!*field) /* no authorization cookie */ return NULL; - return base64_decode(field); + return old_base64_decode(field); } ETag === modified file 'src/adaptation/icap/ModXact.cc' --- src/adaptation/icap/ModXact.cc 2011-04-07 12:42:02 +0000 +++ src/adaptation/icap/ModXact.cc 2011-04-16 15:38:01 +0000 @@ -1425,7 +1425,7 @@ if (request->auth_user_request != NULL) { char const *name = request->auth_user_request->username(); if (name) { - const char *value = TheConfig.client_username_encode ? base64_encode(name) : name; + const char *value = TheConfig.client_username_encode ? old_base64_encode(name) : name; buf.Printf("%s: %s\r\n", TheConfig.client_username_header, value); } } === modified file 'src/http.cc' --- src/http.cc 2011-04-06 16:25:36 +0000 +++ src/http.cc 2011-04-16 15:38:59 +0000 @@ -1606,7 +1606,7 @@ snprintf(loginbuf, sizeof(loginbuf), "%s%s", username, orig_request->peer_login + 1); httpHeaderPutStrf(hdr_out, header, "Basic %s", - base64_encode(loginbuf)); + old_base64_encode(loginbuf)); return; } @@ -1619,7 +1619,7 @@ SQUIDSTRINGPRINT(orig_request->extacl_user), SQUIDSTRINGPRINT(orig_request->extacl_passwd)); httpHeaderPutStrf(hdr_out, header, "Basic %s", - base64_encode(loginbuf)); + old_base64_encode(loginbuf)); return; } @@ -1640,7 +1640,7 @@ #endif /* HAVE_KRB5 && HAVE_GSSAPI */ httpHeaderPutStrf(hdr_out, header, "Basic %s", - base64_encode(orig_request->peer_login)); + old_base64_encode(orig_request->peer_login)); return; } @@ -1771,7 +1771,7 @@ if (!hdr_out->has(HDR_AUTHORIZATION)) { if (!request->flags.proxying && *request->login) { httpHeaderPutStrf(hdr_out, HDR_AUTHORIZATION, "Basic %s", - base64_encode(request->login)); + old_base64_encode(request->login)); } } === modified file 'tools/cachemgr.cc' --- tools/cachemgr.cc 2011-04-12 11:33:32 +0000 +++ tools/cachemgr.cc 2011-04-20 13:44:10 +0000 @@ -1053,16 +1053,17 @@ return; /* host | time | user | passwd */ - snprintf(buf, sizeof(buf), "%s|%d|%s|%s", - req->hostname, - (int) now, - req->user_name ? req->user_name : "", - req->passwd); - + int blen = snprintf(buf, sizeof(buf), "%s|%d|%s|%s", + req->hostname, + (int) now, + req->user_name ? req->user_name : "", + req->passwd); debug("cmgr: pre-encoded for pub: %s\n", buf); - debug("cmgr: encoded: '%s'\n", base64_encode(buf)); - req->pub_auth = xstrdup(base64_encode(buf)); + int elen = base64_encode_len(blen); + req->pub_auth = (char *) xmalloc(elen); + base64_encode_str(req->pub_auth, buf, elen, blen); + debug("cmgr: encoded: '%s'\n", req->pub_auth); } static void @@ -1080,7 +1081,9 @@ if (!req->pub_auth || strlen(req->pub_auth) < 4 + strlen(safe_str(req->hostname))) return; - buf = xstrdup(base64_decode(req->pub_auth)); + int alen = base64_decode_len(req->pub_auth); + buf = (char*)xmalloc(alen); + base64_decode(buf, req->pub_auth, sizeof(req->pub_auth)); debug("cmgr: length ok\n"); @@ -1136,16 +1139,18 @@ { static char buf[1024]; size_t stringLength = 0; - const char *str64; if (!req->passwd) return ""; - snprintf(buf, sizeof(buf), "%s:%s", - req->user_name ? req->user_name : "", - req->passwd); + int blen = snprintf(buf, sizeof(buf), "%s:%s", + req->user_name ? req->user_name : "", + req->passwd); - str64 = base64_encode(buf); + int alen = base64_encode_len(blen); + char *str64 = static_cast(xmalloc(alen)); + if (base64_encode_str(str64, buf, alen, blen) == 0) + return ""; stringLength += snprintf(buf, sizeof(buf), "Authorization: Basic %s\r\n", str64); === modified file 'tools/squidclient.cc' --- tools/squidclient.cc 2011-02-17 14:57:33 +0000 +++ tools/squidclient.cc 2011-04-16 15:41:44 +0000 @@ -489,7 +489,7 @@ exit(1); } snprintf(buf, BUFSIZ, "%s:%s", user, password); - snprintf(buf, BUFSIZ, "Proxy-Authorization: Basic %s\r\n", base64_encode(buf)); + snprintf(buf, BUFSIZ, "Proxy-Authorization: Basic %s\r\n", old_base64_encode(buf)); strcat(msg, buf); } if (www_user) { @@ -504,7 +504,7 @@ exit(1); } snprintf(buf, BUFSIZ, "%s:%s", user, password); - snprintf(buf, BUFSIZ, "Authorization: Basic %s\r\n", base64_encode(buf)); + snprintf(buf, BUFSIZ, "Authorization: Basic %s\r\n", old_base64_encode(buf)); strcat(msg, buf); } #if HAVE_GSSAPI