Coverity detected possible NULL dereference.

KK message response with exactly zero-length encrypted data component
will cause Squid fakeauth helper to crash.

Not expected in normal operation. But maybe seen with specially crafted
or rare mangled responses.

diff --git a/helpers/ntlm_auth/fakeauth/fakeauth_auth.c b/helpers/ntlm_auth/fakeauth/fakeauth_auth.c
index e30170a846e201fa7b8fe408e0a78a568cde2de0..18c75fc3bd8773e9c7f5bd38df93f9864f857678 100644 (file)
--- a/helpers/ntlm_auth/fakeauth/fakeauth_auth.c
+++ b/helpers/ntlm_auth/fakeauth/fakeauth_auth.c
@@ -428,7 +428,10 @@ main(int argc, char *argv[])
            } else
                SEND2("TT %s", data);
        } else if (strncasecmp(buf, "KK ", 3) == 0) {
-           if (!ntlmCheckHeader((ntlmhdr *) decoded, NTLM_AUTHENTICATE)) {
+            if(!decoded) {
+                SEND2("BH received KK with no data! user=%s", user);
+            }
+           else if (!ntlmCheckHeader((ntlmhdr *) decoded, NTLM_AUTHENTICATE)) {
                if (!ntlmDecodeAuth((struct ntlm_authenticate *) decoded, user, 256)) {
                    lc(user);
                    if (strip_domain_enabled) {