From: Amos Jeffries <squid3@treenet.co.nz>
Date: Sun, 28 Sep 2014 18:35:47 +0000 (-0700)
Subject: Fix various null dereferences
X-Git-Tag: SQUID_3_5_0_1~34
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3d01c5ab94fb8e60986690f26d758c605ebacbf9;p=thirdparty%2Fsquid.git

Fix various null dereferences

Fairly rare occurances hard to hit but still possible. Any one of these
could crash Squid in their particular circumstances.

  Detected by Coverity Scan. Issue 1187972, 1187973, 1232097, 1241502.
---

diff --git a/src/auth/digest/UserRequest.cc b/src/auth/digest/UserRequest.cc
index b4a5b07877..858708a76c 100644
--- a/src/auth/digest/UserRequest.cc
+++ b/src/auth/digest/UserRequest.cc
@@ -237,6 +237,9 @@ Auth::Digest::UserRequest::addAuthenticationInfoHeader(HttpReply * rep, int acce
     if ((static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest"))->authenticateProgram) && authDigestNonceLastRequest(nonce)) {
         flags.authinfo_sent = true;
         Auth::Digest::User *digest_user = dynamic_cast<Auth::Digest::User *>(user().getRaw());
+        if (!digest_user)
+            return;
+
         digest_nonce_h *nextnonce = digest_user->currentNonce();
         if (!nextnonce || authDigestNonceLastRequest(nonce)) {
             nextnonce = authenticateDigestNonceNew();
diff --git a/src/helper.cc b/src/helper.cc
index 51d9396f60..96cb72fef4 100644
--- a/src/helper.cc
+++ b/src/helper.cc
@@ -415,7 +415,7 @@ helperStatefulSubmit(statefulhelper * hlp, const char *buf, HLPCB * callback, vo
     }
 
     debugs(84, DBG_DATA, "placeholder: '" << r->placeholder <<
-           "', " << Raw("buf", buf, strlen(buf)));
+           "', " << Raw("buf", buf, (!buf?0:strlen(buf))));
 }
 
 /**
diff --git a/src/servers/FtpServer.cc b/src/servers/FtpServer.cc
index 1465425f08..c459a5cfef 100644
--- a/src/servers/FtpServer.cc
+++ b/src/servers/FtpServer.cc
@@ -604,6 +604,7 @@ Ftp::Server::earlyError(const EarlyErrorKind eek)
     clientStreamNode *node = context->getClientReplyContext();
     Must(node);
     clientReplyContext *repContext = dynamic_cast<clientReplyContext *>(node->data.getRaw());
+    Must(repContext);
 
     // We cannot relay FTP scode/reason via HTTP-specific ErrorState.
     // TODO: When/if ErrorState can handle native FTP errors, use it instead.
diff --git a/tools/squidclient/Ping.cc b/tools/squidclient/Ping.cc
index 9f5f9d09d1..01f235c6f5 100644
--- a/tools/squidclient/Ping.cc
+++ b/tools/squidclient/Ping.cc
@@ -194,7 +194,10 @@ Ping::TheConfig::parseCommandOpts(int argc, char *argv[], int c, int &optIndex)
             break;
 
         case 'I':
-            if ((interval = atoi(optarg) * 1000) <= 0) {
+            if (!optarg) {
+                std::cerr << "ERROR: -I ping interval missing parameter." << std::endl;
+                usage();
+            } else if ((interval = atoi(optarg) * 1000) <= 0) {
                 std::cerr << "ERROR: -I ping interval out of range (0-" << (INT_MAX/1000) << ")." << std::endl;
                 usage();
             }