Quit NTLM authenticate() on missing NTLM authorization header (#2216)

author Joshua Rogers <MegaManSec@users.noreply.github.com>

Sat, 25 Oct 2025 08:42:26 +0000 (08:42 +0000)

committer Squid Anubis <squid-anubis@squid-cache.org>

Sat, 25 Oct 2025 08:42:38 +0000 (08:42 +0000)
author Joshua Rogers <MegaManSec@users.noreply.github.com>
Sat, 25 Oct 2025 08:42:26 +0000 (08:42 +0000)
committer Squid Anubis <squid-anubis@squid-cache.org>
Sat, 25 Oct 2025 08:42:38 +0000 (08:42 +0000)
diff --git a/src/auth/ntlm/UserRequest.cc b/src/auth/ntlm/UserRequest.cc

index 378061e4538836543ee58fb10c54f14b9965e295..7cd914d47cc6c40cd2fd78f6a0357b0e26811ef2 100644 (file)
--- a/src/auth/ntlm/UserRequest.cc
+++ b/src/auth/ntlm/UserRequest.cc
@@ -186,20 +186,23 @@ Auth::Ntlm::UserRequest::authenticate(HttpRequest * aRequest, ConnStateData * co
      /* get header */
      const char *proxy_auth = aRequest->header.getStr(type);
  
+    /* if proxy_auth is actually NULL, we'd better not manipulate it. */
+    if (!proxy_auth) {
+        debugs(29, 4, "WARNING: NTLM Authentication missing authorization header");
+        return;
+    }
+
      /* locate second word */
      const char *blob = proxy_auth;
  
-    /* if proxy_auth is actually NULL, we'd better not manipulate it. */
-    if (blob) {
-        while (xisspace(*blob) && *blob)
-            ++blob;
+    while (xisspace(*blob) && *blob)
+        ++blob;
  
-        while (!xisspace(*blob) && *blob)
-            ++blob;
+    while (!xisspace(*blob) && *blob)
+        ++blob;
  
-        while (xisspace(*blob) && *blob)
-            ++blob;
-    }
+    while (xisspace(*blob) && *blob)
+        ++blob;
  
      switch (user()->credentials()) {
author	Joshua Rogers <MegaManSec@users.noreply.github.com>
	Sat, 25 Oct 2025 08:42:26 +0000 (08:42 +0000)
committer	Squid Anubis <squid-anubis@squid-cache.org>
	Sat, 25 Oct 2025 08:42:38 +0000 (08:42 +0000)