From a176fd8197a2a154e5172e498221ae89c1ce654d Mon Sep 17 00:00:00 2001
From: Joshua Rogers <MegaManSec@users.noreply.github.com>
Date: Sat, 25 Oct 2025 08:42:26 +0000
Subject: [PATCH] Quit NTLM authenticate() on missing NTLM authorization header
 (#2216)

Previously, various null-pointer dereferences, UAFs, and so on occurred.
---
 src/auth/ntlm/UserRequest.cc | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/src/auth/ntlm/UserRequest.cc b/src/auth/ntlm/UserRequest.cc
index 378061e453..7cd914d47c 100644
--- a/src/auth/ntlm/UserRequest.cc
+++ b/src/auth/ntlm/UserRequest.cc
@@ -186,20 +186,23 @@ Auth::Ntlm::UserRequest::authenticate(HttpRequest * aRequest, ConnStateData * co
     /* get header */
     const char *proxy_auth = aRequest->header.getStr(type);
 
+    /* if proxy_auth is actually NULL, we'd better not manipulate it. */
+    if (!proxy_auth) {
+        debugs(29, 4, "WARNING: NTLM Authentication missing authorization header");
+        return;
+    }
+
     /* locate second word */
     const char *blob = proxy_auth;
 
-    /* if proxy_auth is actually NULL, we'd better not manipulate it. */
-    if (blob) {
-        while (xisspace(*blob) && *blob)
-            ++blob;
+    while (xisspace(*blob) && *blob)
+        ++blob;
 
-        while (!xisspace(*blob) && *blob)
-            ++blob;
+    while (!xisspace(*blob) && *blob)
+        ++blob;
 
-        while (xisspace(*blob) && *blob)
-            ++blob;
-    }
+    while (xisspace(*blob) && *blob)
+        ++blob;
 
     switch (user()->credentials()) {
 
-- 
2.47.3