https://bugzilla.samba.org/show_bug.cgi?id=3584
Summary: base64 function does not pad output correctly
Product: rsync
Version: 2.6.6
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P3
Component: core
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]
QAContact: [EMAIL PROTECTED]
The base64 function in authenticate.c does not correcly pad the output data.
This can easily be seen by having it encode N bytes of data, where N is -not- a
multiple of 3. For instance:
base64("123") == "MTIz" (correct value: "MTIz")
base64("1234") == "MTIzNA" (correct value: "MTIzNA==")
Because of this bug, HTTP Basic authentication may not work correctly,
depending on the length of the username and password.
The patch below fixes this problem.
----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----
--- rsync-2.6.6/authenticate.c-orig 2006-03-06 11:10:23.000000000 +0100
+++ rsync-2.6.6/authenticate.c 2006-03-06 11:10:54.000000000 +0100
@@ -49,6 +49,9 @@
}
out[i] = b64[idx];
}
+
+ while ((i % 4) > 0)
+ out[i++] = '=';
}
/* Generate a challenge buffer and return it base64-encoded. */
--
Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
--
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
