From: amosjeffries <> Date: Thu, 2 Aug 2007 08:08:25 +0000 (+0000) Subject: Prevent manipulation of a pointer if it is NULL in NTLM auth. X-Git-Tag: SQUID_3_0_PRE7~128 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6ed9bee4d97fc64aad35f1b219aa4d845d25664a;p=thirdparty%2Fsquid.git Prevent manipulation of a pointer if it is NULL in NTLM auth. Coverity checker detected. AuthNTLMUserRequest::authenticate attempted to locate the auth header. If there is no header resulting it would still attempt to scan its ptr down the header text. This prevents the scanning occuring on NULL. --- diff --git a/src/auth/ntlm/auth_ntlm.cc b/src/auth/ntlm/auth_ntlm.cc index 6c899b83eb..e05b5998c8 100644 --- a/src/auth/ntlm/auth_ntlm.cc +++ b/src/auth/ntlm/auth_ntlm.cc @@ -1,6 +1,6 @@ /* - * $Id: auth_ntlm.cc,v 1.71 2007/07/04 00:55:31 hno Exp $ + * $Id: auth_ntlm.cc,v 1.72 2007/08/02 02:08:25 amosjeffries Exp $ * * DEBUG: section 29 NTLM Authenticator * AUTHOR: Robert Collins, Henrik Nordstrom, Francesco Chemolli @@ -626,14 +626,17 @@ AuthNTLMUserRequest::authenticate(HttpRequest * request, ConnStateData::Pointer /* locate second word */ blob = proxy_auth; - while (xisspace(*blob) && *blob) - blob++; + /* if proxy_auth is actually NULL, we'd better not manipulate it. */ + if(blob) { + while (xisspace(*blob) && *blob) + blob++; - while (!xisspace(*blob) && *blob) - blob++; + while (!xisspace(*blob) && *blob) + blob++; - while (xisspace(*blob) && *blob) - blob++; + while (xisspace(*blob) && *blob) + blob++; + } switch (auth_state) {