From: Amos Jeffries
Date: Mon, 26 Nov 2012 08:32:53 +0000 (-0700)
Subject: basic_ncsa_auth: Fix NULL-dereference crash
X-Git-Tag: SQUID_3_2_4~31
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=da547bd35e13d3982edb94fa84a6b561eaae5662;p=thirdparty%2Fsquid.git

basic_ncsa_auth: Fix NULL-dereference crash

When reading corrupt or broken user passwd files with missing username data this helper can crash. Detected by Coverity Scan. Issue 740398
---

diff --git a/helpers/basic_auth/NCSA/basic_ncsa_auth.cc b/helpers/basic_auth/NCSA/basic_ncsa_auth.cc
index f5ef97e643..7ce42f8b00 100644
--- a/helpers/basic_auth/NCSA/basic_ncsa_auth.cc
+++ b/helpers/basic_auth/NCSA/basic_ncsa_auth.cc
@@ -65,7 +65,7 @@ static void
 read_passwd_file(const char *passwdfile)
 {
 FILE *f;
- char buf[8192];
+ char buf[HELPER_INPUT_BUFFER];
 user_data *u;
 char *user;
 char *passwd;
@@ -84,11 +84,18 @@ read_passwd_file(const char *passwdfile)
 fprintf(stderr, "FATAL: %s: %s\n", passwdfile, xstrerror());
 exit(1);
 }
- while (fgets(buf, 8192, f) != NULL) {
+ unsigned int lineCount = 0;
+ buf[HELPER_INPUT_BUFFER-1] = '\0';
+ while (fgets(buf, sizeof(buf)-1, f) != NULL) {
+ ++lineCount;
 if ((buf[0] == '#') || (buf[0] == ' ') || (buf[0] == '\t') || (buf[0] == '\n'))
 continue;
 user = strtok(buf, ":\n\r");
+ if (user == NULL) {
+ fprintf(stderr, "ERROR: Missing user name at %s line %d\n", passwdfile, lineCount);
+ continue;
+ }
 passwd = strtok(NULL, ":\n\r");
 if ((strlen(user) > 0) && passwd) {
 u = static_cast(xmalloc(sizeof(*u)));
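Review bot: The added `user == NULL` guard after `strtok(buf, ":\n\r")` only fires when the line holds no token at all; `strtok` skips leading delimiters, so a line whose name field is empty but which has later fields still returns a non-NULL `user` taken from the next field, and with two further fields the entry would presumably be loaded with its columns shifted rather than reported. Testing the raw line before tokenizing would catch it, e.g. `if (buf[0] == ':') { fprintf(stderr, "ERROR: Missing user name at %s line %u\n", passwdfile, lineCount); continue; }`. `lineCount` is `unsigned int`, so `%u` is the matching conversion where the new `fprintf` uses `%d`. `fgets` already leaves room for the terminator, which makes `sizeof(buf)-1` and the `buf[HELPER_INPUT_BUFFER-1] = '\0'` store redundant, and a line longer than the buffer is still read in pieces that are each counted and parsed as separate records, so the reported line number can drift and a tail fragment can be parsed as an entry. The `while` loop body continues past the end of the hunk.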