[Webkit-unassigned] [Bug 170055] htdigestparser fails out early when malformed entries are found
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Mar 24 10:06:57 PDT 2017
https://bugs.webkit.org/show_bug.cgi?id=170055
--- Comment #8 from Carlos Alberto Lopez Perez <clopez at igalia.com> ---
(In reply to Alexey Proskuryakov from comment #7)
> One surprisingly common scenario in which it is important to parse configs
> strictly is to protect against a vulnerability where an attacker has partial
> control over their content. E.g. they could put arbitrary content there, but
> only with some prefix.
>
> So I don't think that being forgiving is desirable.
That patch doesn't cause the auth to be more forgiving.
What this does is to only try to authenticate if the entry with the digest hash meets a minimum requirements.
I think is worse from a security point of view to go ahead and try to authenticate against a hash that is clearly not a md5 one (>32 chars or non alphanumeric) when you know it should be a md5, than to filter that entry and ignore it.
In any case this authentication system (AFAIK) is only used for triggering new builds (clean builds) in build.webkit.org. Years ago we had this without even any auth at all.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170324/89d54e15/attachment-0001.html>
More information about the webkit-unassigned
mailing list