lib-auth-client: auth-client-request - Fix panic occurring upon channel binding failure

author Stephan Bosch <stephan.bosch@open-xchange.com>

Sat, 30 Aug 2025 15:59:20 +0000 (17:59 +0200)

committer aki.tuomi <aki.tuomi@open-xchange.com>

Tue, 2 Sep 2025 05:26:51 +0000 (05:26 +0000)
author Stephan Bosch <stephan.bosch@open-xchange.com>
Sat, 30 Aug 2025 15:59:20 +0000 (17:59 +0200)
committer aki.tuomi <aki.tuomi@open-xchange.com>
Tue, 2 Sep 2025 05:26:51 +0000 (05:26 +0000)
diff --git a/src/lib-auth-client/auth-client-request.c b/src/lib-auth-client/auth-client-request.c

index 7c5b8643505f0857e66d439188b966080a766e28..a293e40a2cde20bc574d760ca47e0bf366e08be8 100644 (file)
--- a/src/lib-auth-client/auth-client-request.c
+++ b/src/lib-auth-client/auth-client-request.c
@@ -449,32 +449,13 @@ auth_client_request_handle_input(struct auth_client_request **_request,
                 return;
         }
  
-       switch (status) {
-       case AUTH_REQUEST_STATUS_CONTINUE:
-               e = event_create_passthrough(request->event)->
-                       set_name("auth_client_request_challenged");
-
+       if (status == AUTH_REQUEST_STATUS_CONTINUE) {
                 for (tmp = args; tmp != NULL && *tmp != NULL; tmp++) {
                         if (str_begins(*tmp, "channel_binding=",
                                        &cbinding_type))
                                 break;
                 }
                 args = NULL;
-               break;
-       default:
-               e = event_create_passthrough(request->event)->
-                       set_name("auth_client_request_finished");
-
-               for (tmp = args; tmp != NULL && *tmp != NULL; tmp++) {
-                       const char *key;
-                       const char *value;
-                       t_split_key_value_eq(*tmp, &key, &value);
-                       if (str_begins(key, "event_", &key))
-                               event_add_str(request->event, key, value);
-                       else
-                               args_parse_user(request, key, value);
-               }
-               break;
         }
  
         if (cbinding_type != NULL) {
@@ -502,6 +483,27 @@ auth_client_request_handle_input(struct auth_client_request **_request,
                 buffer_append_buf(request->cbinding_data, data, 0, SIZE_MAX);
         }
  
+       switch (status) {
+       case AUTH_REQUEST_STATUS_CONTINUE:
+               e = event_create_passthrough(request->event)->
+                       set_name("auth_client_request_challenged");
+               break;
+       default:
+               e = event_create_passthrough(request->event)->
+                       set_name("auth_client_request_finished");
+
+               for (tmp = args; tmp != NULL && *tmp != NULL; tmp++) {
+                       const char *key;
+                       const char *value;
+                       t_split_key_value_eq(*tmp, &key, &value);
+                       if (str_begins(key, "event_", &key))
+                               event_add_str(request->event, key, value);
+                       else
+                               args_parse_user(request, key, value);
+               }
+               break;
+       }
+
         switch (status) {
         case AUTH_REQUEST_STATUS_OK:
                 e_debug(e->event(), "Finished");
author	Stephan Bosch <stephan.bosch@open-xchange.com>
	Sat, 30 Aug 2025 15:59:20 +0000 (17:59 +0200)
committer	aki.tuomi <aki.tuomi@open-xchange.com>
	Tue, 2 Sep 2025 05:26:51 +0000 (05:26 +0000)