Closed Bug 42782 Opened 24 years ago Closed 24 years ago

basic auth sends password with a trailing null

Categories

(Core :: Networking, defect, P3)

Product:
Core
Component:
Networking
Platform:
x86
Linux
Type:
defect

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: anthony, Assigned: shaver)

References

(
URL
)

Details

Basic auth sends the base64 encoded username:password with a trailing
null. Naughty.

For username 'anthony', password 'anthony', older mozillas and
netscape send:
YW50aG9ueTphbnRob255
anthony:anthony

But mozilla sends
YW50aG9ueTphbnRob255AA==
anthony:anthony\0

This has probably been able to escape detection because most
servers are written in C :)


This is in 2000061510, and a number of others from the last two weeks.
I think the problem's in nsBasicAuth, why is it +2, not +1?
URL: http://lxr.mozilla.org/mozilla/source...
Shaver changed the call PL_Base64Encode from 

  PL_Base64Encode(tempBuff, 0, nsnull); 

to 

  PL_Base64Encode(tempBuff, length, nsnull);

thus not letting PL_Base64Encode figure out the string length with PL_strlen. As
'length' is the length allocated for the 'user:password' string, this includes
the trailing null. Either above call should revert to

  PL_Base64Encode(tempBuff, 0, nsnull);

again, or it should be called as

  PL_Base64Encode(tempBuff, length - 1, nsnull); // Length minus trailing null

Or there should be a check for the trailing null, adjusting the length
appropriatly.

CC-ing shaver for feedback on change.
Status: UNCONFIRMED → NEW
Ever confirmed: true
I'll take this one, and attach a compiles, should-work, haven't yet tested patch
for review.

Can someone put an URL in this bug that I can use to test it?
Assignee: gagan → shaver
URL with basic auth (lowercase 'basic' =)):

  http://www.zopatista.com/manage

user basic_auth, password basic_auth

OK, I'm going to attach a patch to 42008 that should fix this as well.  Thanks,
MJ!
Status: NEW → ASSIGNED
*** Bug 43010 has been marked as a duplicate of this bug. ***
Set dependency to remind ppl of the fact that the patch for this bug is attached
to bug #42008.
Depends on: 42008
This is now fixed (the patch applied for 42008 also fixes
this). Can/Should I mark it as fixed, or is that for the
QA types to do?
Long dead, thanks to blizzard.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
verified
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.