path: root/www/squid27/patches/patch-am
blob: 0d530ca2aeda6471f50031e76d4ffcf2e014314b (plain)
$NetBSD: patch-am,v 1.3 2011/11/28 15:26:26 drochner Exp $

protect against CVE-2011-4122

--- helpers/basic_auth/PAM/pam_auth.c.orig	2005-05-17 16:56:25.000000000 +0000
+++ helpers/basic_auth/PAM/pam_auth.c
@@ -188,6 +188,11 @@ start:
 	exit(1);
     }
 
+    if (strchr(service, '/')) {
+	    fprintf(stderr, "Illegal service '%s'\n", service);
+	    exit(1);
+    }
+
     while (fgets(buf, BUFSIZE, stdin)) {
 	user = buf;
 	password = strchr(buf, '\n');
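Review bot: The new `strchr(service, '/')` guard before the `fgets` loop carries no comment, so the reason for it lives only in the patch header; I would add `/* CVE-2011-4122: refuse PAM service names containing '/' before they reach the PAM library */` directly above the `if`. The check is a one-character denylist, and it may be more robust to accept only the characters a service name is expected to contain (for example letters, digits, `-` and `_`), so the helper does not depend on how the PAM library resolves names. `service` is assigned outside this hunk, so the guard presumably relies on it being non-NULL at this point; that is worth confirming. The enclosing function starts and ends outside the hunk.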