From: amosjeffries <>
Date: Fri, 3 Aug 2007 08:11:17 +0000 (+0000)
Subject: Add assert()s to validate state in Basic Auth
X-Git-Tag: SQUID_3_0_PRE7~112
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=2948b229af567fdfd6744e38113f341aecd7ff7e;p=thirdparty%2Fsquid.git

Add assert()s to validate state in Basic Auth

Coverity checker picked up a number of cases where casting might (rarely)
cause a NULL pointer and a dereference occured afterwards.
This patch adds several assert statements to cause squid to abort at the
source of these errors rather than segfault later.
No code logic has been changed in any way.
---

diff --git a/src/auth/basic/auth_basic.cc b/src/auth/basic/auth_basic.cc
index e0f99e1e64..3e6f655908 100644
--- a/src/auth/basic/auth_basic.cc
+++ b/src/auth/basic/auth_basic.cc
@@ -1,5 +1,5 @@
 /*
- * $Id: auth_basic.cc,v 1.51 2007/08/02 04:18:14 amosjeffries Exp $
+ * $Id: auth_basic.cc,v 1.52 2007/08/03 02:11:17 amosjeffries Exp $
  *
  * DEBUG: section 29    Authenticator
  * AUTHOR: Duane Wessels
@@ -259,6 +259,8 @@ authenticateBasicHandleReply(void *data, char *reply)
     assert(r->auth_user_request->user()->auth_type == AUTH_BASIC);
     basic_data *basic_auth = dynamic_cast<basic_data *>(r->auth_user_request->user());
 
+    assert(basic_auth != NULL);
+
     if (reply && (strncasecmp(reply, "OK", 2) == 0))
         basic_auth->flags.credentials_ok = 1;
     else {
@@ -642,6 +644,7 @@ AuthBasicUserRequest::module_start(RH * handler, void *data)
     basic_data *basic_auth;
     assert(user()->auth_type == AUTH_BASIC);
     basic_auth = dynamic_cast<basic_data *>(user());
+    assert(basic_auth != NULL);
     debugs(29, 9, "AuthBasicUserRequest::start: '" << basic_auth->username() << ":" << basic_auth->passwd << "'");
 
     if (basicConfig.authenticate == NULL) {