| field | value | date |
|---|---|---|
| author | Robin Hack <hack.robin@gmail.com> | 2016-04-26 13:58:27 +0200 |
| committer | Jeremy Allison <jra@samba.org> | 2016-04-26 22:48:22 +0200 |
| commit | 9a7a38a6dde6418e48048fdf8bfcd6f38674e443 (patch) | |
| tree | b1e2d7f48b7cbeb0de57deed9d3f07c1344515f5 /source4 | |
| parent | b9ffb9322b987409693e4faa277b5e3f46ad8b22 (diff) | |
| download | samba-9a7a38a6dde6418e48048fdf8bfcd6f38674e443.tar.gz | |
lib/http/http_auth: Fix CID 1273428 - Unchecked return value
There is a missing check of the status value in
http_auth.c:http_create_auth_request() which can leave values
inside 'DATA_BLOB in' uninitialized.
http_auth.c:http_create_auth_request() calls
http_auth.c:http_parse_auth_response() which can return NT_STATUS_NOT_SUPPORTED
and which is not checked by the caller and later passed as an argument to other functions.
For example:
'DATA_BLOB in' can be passed to
auth/gensec/spnego.c:gensec_spnego_update() later:
...
switch (spnego_state->state_position) {
..
case SPNEGO_SERVER_START:
if (in.length) {
Signed-off-by: Robin Hack <hack.robin@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'source4')
| mode | file | lines |
|---|---|---|
| -rw-r--r-- | source4/lib/http/http_auth.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/source4/lib/http/http_auth.c b/source4/lib/http/http_auth.c index d846ec2a048..b6f102f9d8b 100644 --- a/source4/lib/http/http_auth.c +++ b/source4/lib/http/http_auth.c @@ -96,6 +96,9 @@ static NTSTATUS http_create_auth_request(TALLOC_CTX *mem_ctx, if (auth_response) { status = http_parse_auth_response(auth, auth_response, &in); + if (!NT_STATUS_IS_OK(status)) { + return status; + } } else { in = data_blob_null; } |
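Review bot: the early `return status;` after `http_parse_auth_response()` closes the unchecked-status path, but `in` is still only assigned on the success branch and in the `else` branch; since the commit message identifies the uninitialized blob as the actual hazard, initialising it at its declaration (`DATA_BLOB in = data_blob_null;`, outside this hunk) would also protect any future code path that skips both branches. It is also worth confirming that `http_parse_auth_response()` does not leave a partially filled, talloc-allocated `in` behind when it fails, because the added return does not free it; if it can, either a `data_blob_free(&in)` before the return or a comment stating that the allocation hangs off `mem_ctx` and is released with it would settle that.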