blob: 874f62e7ad54444c7b56756dcdc9a63ed7af172e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
From 52a0f9234d384b9dab368835b22e5a5a01542168 Mon Sep 17 00:00:00 2001
From: Changqing Li <changqing.li@windriver.com>
Date: Fri, 16 May 2025 14:16:10 +0800
Subject: [PATCH] auth-digest: fix crash in
soup_auth_digest_get_protection_space()
We need to validate the Domain parameter in the WWW-Authenticate header.
Unfortunately this crash only occurs when listening on default ports 80
and 443, so there's no good way to test for this. The test would require
running as root.
Fixes #440
CVE: CVE-2025-4476
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/e64c221f9c7d09b48b610c5626b3b8c400f0907c?merge_request_iid=457]
Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
libsoup/soup-auth-digest.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c
index f1621ec..a2dc560 100644
--- a/libsoup/soup-auth-digest.c
+++ b/libsoup/soup-auth-digest.c
@@ -229,7 +229,7 @@ soup_auth_digest_get_protection_space (SoupAuth *auth, SoupURI *source_uri)
uri = soup_uri_new (d);
if (uri && uri->scheme == source_uri->scheme &&
uri->port == source_uri->port &&
- !strcmp (uri->host, source_uri->host))
+ !g_strcmp0 (uri->host, source_uri->host))
dir = g_strdup (uri->path);
else
dir = NULL;
--
2.34.1
|
