From: Robin Hack <hack.robin@gmail.com>
Date: Tue, 26 Apr 2016 11:58:27 +0000 (+0200)
Subject: lib/http/http_auth: Fix CID 1273428 - Unchecked return value
X-Git-Tag: talloc-2.1.7~123
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9a7a38a6dde6418e48048fdf8bfcd6f38674e443;p=thirdparty%2Fsamba.git

lib/http/http_auth: Fix CID 1273428 - Unchecked return value

There is missing check of status value in
http_auth.c:http_create_auth_request() which can leave values
inside 'DATA_BLOB in' unitialized.

http_auth.c:http_create_auth_request() calls
http_auth.c:http_parse_auth_response() which can return NT_STATUS_NOT_SUPPORTED
and which is not checked by caller and later passed as argument to other functions.

For example:
'DATA_BLOB in' can be passed to
auth/gensec/spnego.c:gensec_spnego_update() later:

...
switch (spnego_state->state_position) {
..
	case SPNEGO_SERVER_START:
		if (in.length) {

Signed-off-by: Robin Hack <hack.robin@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
---

diff --git a/source4/lib/http/http_auth.c b/source4/lib/http/http_auth.c
index d846ec2a048..b6f102f9d8b 100644
--- a/source4/lib/http/http_auth.c
+++ b/source4/lib/http/http_auth.c
@@ -96,6 +96,9 @@ static NTSTATUS http_create_auth_request(TALLOC_CTX *mem_ctx,
 
 	if (auth_response) {
 		status = http_parse_auth_response(auth, auth_response, &in);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
 	} else {
 		in = data_blob_null;
 	}