From: Amos Jeffries Date: Wed, 14 Nov 2012 01:33:49 +0000 (-0700) Subject: digest_edirectory_auth: improved error handling X-Git-Tag: SQUID_3_4_0_1~515 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f7f2e2d6e59e49b8d0f144dfb335f6ece00d8042;p=thirdparty%2Fsquid.git digest_edirectory_auth: improved error handling Malicious response from LDAP server can cause squid helper to crash. Missing realm value returned from LDAP without error/missing value being indicated in the response can lead to strcmp() using a NULL pointer. Extremely unlikely to happen in practice, but worth fixing. Detected by Coverity Scan. Issue 740399 --- diff --git a/helpers/digest_auth/eDirectory/ldap_backend.cc b/helpers/digest_auth/eDirectory/ldap_backend.cc index e7deefc258..0ce4fb82ce 100644 --- a/helpers/digest_auth/eDirectory/ldap_backend.cc +++ b/helpers/digest_auth/eDirectory/ldap_backend.cc @@ -286,7 +286,8 @@ retrydnattr: value = values; while (*value) { if (encrpass) { - if (strcmp(strtok(*value, delimiter), realm) == 0) { + const char *t = strtok(*value, delimiter); + if (t && strcmp(t, realm) == 0) { password = strtok(NULL, delimiter); break; }
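Review bot: In the branch guarded by `if (t && strcmp(t, realm) == 0)`, the second call `password = strtok(NULL, delimiter);` can return NULL just as the first one could, and the visible lines `break` without checking it. A value that contains the realm but nothing after the delimiter would leave `password` NULL on exit from the loop. Either confirm that the code after the loop treats a NULL `password` as a failed lookup, or only `break` when the second token is non-NULL. A smaller point: `strtok()` modifies `*value` in place and keeps hidden static state between the two calls; `strtok_r()` would make the pairing of the calls explicit.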