From: Amos Jeffries <squid3@treenet.co.nz>
Date: Thu, 8 Aug 2013 06:06:58 +0000 (-0600)
Subject: Handle NTLM helper returning OK without user= value
X-Git-Tag: SQUID_3_4_0_2~37
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=efdf2c3931f9d5a38ad300de79780509c29c611f;p=thirdparty%2Fsquid.git

Handle NTLM helper returning OK without user= value

Prevent crash by treating this case as an error and failed
authentication

 Detected by Coverity Scan. Issue 1020656.
---

diff --git a/src/auth/ntlm/UserRequest.cc b/src/auth/ntlm/UserRequest.cc
index a7516be83a..01300609ec 100644
--- a/src/auth/ntlm/UserRequest.cc
+++ b/src/auth/ntlm/UserRequest.cc
@@ -255,6 +255,13 @@ Auth::Ntlm::UserRequest::HandleReply(void *data, const HelperReply &reply)
     case HelperReply::Okay: {
         /* we're finished, release the helper */
         const char *userLabel = reply.notes.findFirst("user");
+        if (!userLabel) {
+            auth_user_request->user()->credentials(Auth::Failed);
+            safe_free(lm_request->server_blob);
+            lm_request->releaseAuthServer();
+            debugs(29, DBG_CRITICAL, "ERROR: NTLM Authentication helper returned no username. Result: " << reply);
+            break;
+        }
         auth_user_request->user()->username(userLabel);
         auth_user_request->denyMessage("Login successful");
         safe_free(lm_request->server_blob);