git.ipfire.org Git - thirdparty/squid.git/commitdiff
digest_edirectory_auth: improved error handling
author Amos Jeffries <squid3@treenet.co.nz>
Sat, 24 Nov 2012 01:58:47 +0000 (18:58 -0700)
committer Amos Jeffries <squid3@treenet.co.nz>
Sat, 24 Nov 2012 01:58:47 +0000 (18:58 -0700)
Malicious response from LDAP server can cause squid helper to crash.

Missing realm value returned from LDAP without error/missing value being
indicated in the response can lead to strcmp() using a NULL pointer.
Extremely unlikely to happen in practice, but worth fixing.

Detected by Coverity Scan. Issue 740399

helpers/digest_auth/eDirectory/ldap_backend.cc

index 814a5df0238115de05b4178026fc143e1c61192c..020dc33d7ca8074bdf00fb95b6c09cfc68771d4d 100644 (file)
@@ -286,7 +286,8 @@ retrydnattr:
             value = values;
             while (*value) {
                 if (encrpass) {
-                    if (strcmp(strtok(*value, delimiter), realm) == 0) {
+                    const char *t = strtok(*value, delimiter);
+                    if (t && strcmp(t, realm) == 0) {
                         password = strtok(NULL, delimiter);
                         break;
                     }
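Review bot: the `password = strtok(NULL, delimiter);` line gets no NULL check, unlike the new `t`. When a value holds a matching realm but nothing after the delimiter, strtok() returns NULL there and the loop breaks with `password` set to NULL. Either test the result before `break`, or confirm that the code following the loop treats a NULL password as a failed lookup. A one-line comment noting when `t` can be NULL (the value is empty or consists only of delimiter characters) would also make the intent of the `t &&` guard clear to later readers.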