diff options
| author | Mark Nauwelaerts <mark.nauwelaerts@collabora.co.uk> | 2012-01-31 12:02:45 +0100 |
|---|---|---|
| committer | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2012-02-08 10:06:50 +0000 |
| commit | b562f9bbe31b5c5277b2b7d1482d98b5aa42a593 (patch) | |
| tree | c6b5fc1b317df979f2e424611038b5100a970a83 | |
| parent | fddede281641ad6fb7cb03bde1239f038c98034b (diff) | |
| download | libsoup-b562f9bbe31b5c5277b2b7d1482d98b5aa42a593.tar.gz | |
Safeguard against NULL in strcmp
[In both of these cases, the situation being guarded against is:
check_password() is called, but soup_message_headers_get_one() does not find
an "Authorization" header. -smcv]
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Dan Winship <danw@gnome.org>
Bug: https://bugzilla.gnome.org/show_bug.cgi?id=669479
Bug-NB: NB#297634
| -rw-r--r-- | libsoup/soup-auth-domain-basic.c | 2 | ||||
| -rw-r--r-- | libsoup/soup-auth-domain-digest.c | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/libsoup/soup-auth-domain-basic.c b/libsoup/soup-auth-domain-basic.c index 49f82443..db3d6d53 100644 --- a/libsoup/soup-auth-domain-basic.c +++ b/libsoup/soup-auth-domain-basic.c @@ -268,7 +268,7 @@ parse_basic (SoupMessage *msg, const char *header, char *decoded, *colon; gsize len, plen; - if (strncmp (header, "Basic ", 6) != 0) + if (!header || (strncmp (header, "Basic ", 6) != 0)) return FALSE; decoded = (char *)g_base64_decode (header + 6, &len); diff --git a/libsoup/soup-auth-domain-digest.c b/libsoup/soup-auth-domain-digest.c index cee77451..203b9f24 100644 --- a/libsoup/soup-auth-domain-digest.c +++ b/libsoup/soup-auth-domain-digest.c @@ -431,7 +431,7 @@ check_password (SoupAuthDomain *domain, header = soup_message_headers_get_one (msg->request_headers, "Authorization"); - if (strncmp (header, "Digest ", 7) != 0) + if (!header || (strncmp (header, "Digest ", 7) != 0)) return FALSE; params = soup_header_parse_param_list (header + 7); |