ws: Fix bug parsing invalid base64 headers

The len parameter to g_base64_decode_inplace() is a inout parameter, and needs to be initialized. Lets just use the simpler g_base64_decode() function. This fixes a segfault. Cherry-picked from master commit c51f617 https://bugzilla.redhat.com/show_bug.cgi?id=1659542 Closes cockpit-project#10906
VinayaSathyanarayana · Jan 4, 2019 · 3b84079 · 3b84079
1 parent 857773b
commit 3b84079
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 5 deletions.
diff --git a/src/ws/cockpitauth.c b/src/ws/cockpitauth.c
@@ -1174,16 +1174,19 @@ cockpit_auth_class_init (CockpitAuthClass *klass)
   cockpit_authorize_logger (authorize_logger, 0);
 }
 
-static char *
+static gchar *
 base64_decode_string (const char *enc)
 {
+  gchar *dec;
+  gsize len;
+
   if (enc == NULL)
     return NULL;
 
-  char *dec = g_strdup (enc);
-  gsize len;
-  g_base64_decode_inplace (dec, &len);
-  dec[len] = '\0';
+  dec = (gchar *)g_base64_decode (enc, &len);
+  if (dec)
+    dec[len] = '\0';
+
   return dec;
 }
 

diff --git a/src/ws/test-auth.c b/src/ws/test-auth.c
@@ -286,6 +286,12 @@ test_headers_bad (Test *test,
   if (cockpit_auth_check_cookie (test->auth, "/cockpit", headers))
       g_assert_not_reached ();
 
+  /* Bad encoding */
+  g_hash_table_remove_all (headers);
+  g_hash_table_insert (headers, g_strdup ("Cookie"), g_strdup ("cockpit=d"));
+  if (cockpit_auth_check_cookie (test->auth, "/cockpit", headers))
+      g_assert_not_reached ();
+
   g_hash_table_destroy (headers);
 }