--------------------- PatchSet 11631 Date: 2007/09/03 02:45:38 Author: hno Branch: SQUID_2_6 Tag: (none) Log: MFC: Bug #2072: digest_pw_auth fails when using plaintext passwords digest_pw_auth may crash or otherwise fail when using plaintext passwords. Workaround (and more secure): Store Digest H(A1) hashed passwords instead. Members: helpers/digest_auth/password/text_backend.c:1.1->1.1.2.1
Index: squid/helpers/digest_auth/password/text_backend.c
===================================================================
RCS file: /cvsroot/squid/squid/helpers/digest_auth/password/text_backend.c,v
retrieving revision 1.1
retrieving revision 1.1.2.1
diff -u -r1.1 -r1.1.2.1
--- squid/helpers/digest_auth/password/text_backend.c 16 May 2006 01:21:29 -0000 1.1
+++ squid/helpers/digest_auth/password/text_backend.c 3 Sep 2007 02:45:38 -0000 1.1.2.1
@@ -99,7 +99,7 @@
 fprintf(stderr, "digest_pw_auth: ignoring invalid password for %s\n", user);
 continue;
 }
- u = xmalloc(sizeof(*u));
+ u = xcalloc(1, sizeof(*u));
 if (realm) {
 int len = strlen(user) + strlen(realm) + 2;
 u->hash.key = malloc(len);
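Review bot: The key buffer two lines below the changed allocation is still obtained with a bare `malloc(len)`, and no NULL check is visible before the hunk ends, while the record itself goes through the x-allocator wrappers. If those wrappers abort on allocation failure, as their naming suggests, `u->hash.key = xmalloc(len);` would keep failure handling consistent and avoid writing through a NULL key in an authentication helper. The switch to `xcalloc` also deserves a one-line comment such as `/* zero-filled: members not assigned below must read as NULL */`, since the log ties the crash to plaintext entries and the reason for zero-filling is otherwise easy to undo. The enclosing loop and the rest of the `if (realm)` block lie outside the hunk, so a check may exist further down.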