From f59508e6cdebb74c0d8c4bacee44a79c8209ac68 Mon Sep 17 00:00:00 2001 From: Evgeny Grin Date: Wed, 25 May 2022 18:51:19 +0300 Subject: [PATCH] digest: tolerate missing "realm" Server headers may not define "realm", avoid NULL pointer dereference in such cases. Closes #8912 --- lib/vauth/digest.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/lib/vauth/digest.c b/lib/vauth/digest.c index 3539bdfc36..43b8ad846f 100644 --- a/lib/vauth/digest.c +++ b/lib/vauth/digest.c @@ -695,7 +695,7 @@ static CURLcode auth_create_digest_http_message( } if(digest->userhash) { - hashthis = aprintf("%s:%s", userp, digest->realm); + hashthis = aprintf("%s:%s", userp, digest->realm ? digest->realm : ""); if(!hashthis) return CURLE_OUT_OF_MEMORY; @@ -715,7 +715,8 @@ static CURLcode auth_create_digest_http_message( unq(nonce-value) ":" unq(cnonce-value) */ - hashthis = aprintf("%s:%s:%s", userp, digest->realm, passwdp); + hashthis = aprintf("%s:%s:%s", userp, digest->realm ? digest->realm : "", + passwdp); if(!hashthis) return CURLE_OUT_OF_MEMORY; @@ -804,7 +805,13 @@ static CURLcode auth_create_digest_http_message( userp_quoted = auth_digest_string_quoted(digest->userhash ? userh : userp); if(!userp_quoted) return CURLE_OUT_OF_MEMORY; - realm_quoted = auth_digest_string_quoted(digest->realm); + if(digest->realm) + realm_quoted = auth_digest_string_quoted(digest->realm); + else { + realm_quoted = malloc(1); + if(realm_quoted) + realm_quoted[0] = 0; + } if(!realm_quoted) { free(userp_quoted); return CURLE_OUT_OF_MEMORY; -- 2.47.3
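Review bot: The fallback `digest->realm ? digest->realm : ""` is written out in both aprintf() calls (the userhash hunk at line 695 and the HA1 hunk at line 715), while the third hunk handles the same NULL case a different way with `malloc(1)`. Normalising once near the top of auth_create_digest_http_message, for example `const char *realm = digest->realm ? digest->realm : "";`, and passing `realm` at all three sites would keep them from drifting apart. This assumes auth_digest_string_quoted() accepts an empty string, which the patch does not show. The function body starts and ends outside these hunks, so the placement of the local needs checking against the full file.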
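Review bot: The new `else` branch at the realm_quoted assignment (hunk at line 804) turns a missing realm into an empty one without recording that this is deliberate, and the HA1 input built in the earlier hunk then becomes `user::password`. The realm is what binds that hash to one protection space, so an empty-realm hash is identical for every server that omits the field. It is worth deciding whether such a challenge should instead be refused where the header is parsed, which is outside this diff. If tolerating it is intended, a comment above the branch would help, for example `/* challenge carried no realm: use an empty realm instead of dereferencing NULL */`. The later use and release of realm_quoted are also outside the hunk, so the assumption that it is released with free(), as userp_quoted is here, should be confirmed.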