Closed
Bug 42782
Opened 25 years ago
Closed 25 years ago
basic auth sends password with a trailing null
Categories
(Core :: Networking, defect, P3)
Tracking
()
VERIFIED
FIXED
People
(Reporter: anthony, Assigned: shaver)
References
()
Details
Basic auth sends the base64 encoded username:password with a trailing
null. Naughty.
For username 'anthony', password 'anthony', older mozillas and
netscape send:
YW50aG9ueTphbnRob255
anthony:anthony
But mozilla sends
YW50aG9ueTphbnRob255AA==
anthony:anthony\0
This has probably been able to escape detection because most
servers are written in C :)
This is in 2000061510, and a number of others from the last two weeks.
|
Reporter | |
Comment 1•25 years ago
|
||
I think the problem's in nsBasicAuth, why is it +2, not +1?
|
||
Comment 2•25 years ago
|
||
Shaver changed the call PL_Base64Encode from
PL_Base64Encode(tempBuff, 0, nsnull);
to
PL_Base64Encode(tempBuff, length, nsnull);
thus not letting PL_Base64Encode figure out the string length with PL_strlen. As
'length' is the length allocated for the 'user:password' string, this includes
the trailing null. Either above call should revert to
PL_Base64Encode(tempBuff, 0, nsnull);
again, or it should be called as
PL_Base64Encode(tempBuff, length - 1, nsnull); // Length minus trailing null
Or there should be a check for the trailing null, adjusting the length
appropriatly.
CC-ing shaver for feedback on change.
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
Assignee | |
Comment 3•25 years ago
|
||
I'll take this one, and attach a compiles, should-work, haven't yet tested patch
for review.
Can someone put an URL in this bug that I can use to test it?
Assignee: gagan → shaver
|
|
||
Comment 4•25 years ago
|
||
URL with basic auth (lowercase 'basic' =)):
http://www.zopatista.com/manage
user basic_auth, password basic_auth
|
|
Assignee | |
Comment 5•25 years ago
|
||
OK, I'm going to attach a patch to 42008 that should fix this as well. Thanks,
MJ!
Status: NEW → ASSIGNED
|
|
||
Comment 7•25 years ago
|
||
Set dependency to remind ppl of the fact that the patch for this bug is attached
to bug #42008.
Depends on: 42008
|
|
Reporter | |
Comment 8•25 years ago
|
||
This is now fixed (the patch applied for 42008 also fixes
this). Can/Should I mark it as fixed, or is that for the
QA types to do?
|
|
Assignee | |
Comment 9•25 years ago
|
||
Long dead, thanks to blizzard.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•