author: Robin Hack <hack.robin@gmail.com> 2016-04-26 13:58:27 +0200
committer: Jeremy Allison <jra@samba.org> 2016-04-26 22:48:22 +0200
commit: 9a7a38a6dde6418e48048fdf8bfcd6f38674e443 (patch)
tree: b1e2d7f48b7cbeb0de57deed9d3f07c1344515f5 /source4
parent: b9ffb9322b987409693e4faa277b5e3f46ad8b22 (diff)
download: samba-9a7a38a6dde6418e48048fdf8bfcd6f38674e443.tar.gz
lib/http/http_auth: Fix CID 1273428 - Unchecked return value
There is a missing check of the status value in http_auth.c:http_create_auth_request() which can leave values inside 'DATA_BLOB in' uninitialized.

http_auth.c:http_create_auth_request() calls http_auth.c:http_parse_auth_response() which can return NT_STATUS_NOT_SUPPORTED, which is not checked by the caller and later passed as an argument to other functions.

For example: 'DATA_BLOB in' can be passed to auth/gensec/spnego.c:gensec_spnego_update() later:

    ...
    switch (spnego_state->state_position) {
    ..
    case SPNEGO_SERVER_START:
        if (in.length) {

Signed-off-by: Robin Hack <hack.robin@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
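The defect class the commit message describes, an out-parameter that is only written on the success path while the caller drops the status and uses the parameter anyway, reduces to a small pattern that is worth seeing run. The following is an added illustration written for this page, not Samba code: status_t, blob_t, parse_auth_response and consume_token are hypothetical stand-ins for NTSTATUS, DATA_BLOB, http_parse_auth_response and gensec_spnego_update. To make the hazard observable without undefined behaviour, the blob is seeded with constructed stale bytes standing in for whatever the stack happened to hold; the "unchecked" caller mirrors the pre-fix control flow, the "checked" caller the post-fix one.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <stddef.h>

/* Hypothetical stand-ins for Samba's NTSTATUS and DATA_BLOB (not Samba's own types). */
typedef enum { NT_OK = 0, NT_NOT_SUPPORTED = 1, NT_INVALID_PARAMETER = 2 } status_t;
typedef struct { const uint8_t *data; size_t length; } blob_t;
static const blob_t blob_null = { NULL, 0 };

/* Constructed stand-in for stack garbage left in an uninitialized blob. */
static const uint8_t stale_bytes[4] = { 0xde, 0xad, 0xbe, 0xef };

/* Mimics http_parse_auth_response's contract: *out is written only for a scheme
   the parser understands; on anything else it returns NT_NOT_SUPPORTED and
   leaves *out untouched. */
static status_t parse_auth_response(const char *header, blob_t *out) {
    static const char prefix[] = "Negotiate ";
    const size_t plen = sizeof(prefix) - 1;
    if (header == NULL) return NT_INVALID_PARAMETER;
    if (strncmp(header, prefix, plen) != 0) return NT_NOT_SUPPORTED;
    out->data = (const uint8_t *)header + plen;
    out->length = strlen(header) - plen;
    return NT_OK;
}

/* Stand-in for the downstream consumer (gensec_spnego_update in the commit
   message): it trusts in.length and reads that many bytes.  Returns the byte
   sum so a caller can tell whether anything was processed. */
static size_t consume_token(blob_t in) {
    size_t sum = 0;
    for (size_t i = 0; i < in.length; i++) sum += in.data[i];
    return sum;
}

/* Pre-fix control flow: the parser's status is dropped, so on an unsupported
   scheme the stale blob is handed to the consumer as if it were a real token. */
static status_t create_auth_request_unchecked(const char *header, size_t *consumed) {
    blob_t in = { stale_bytes, sizeof(stale_bytes) };
    *consumed = 0;
    if (header != NULL) {
        (void)parse_auth_response(header, &in);   /* return value ignored */
    } else {
        in = blob_null;
    }
    *consumed = consume_token(in);
    return NT_OK;
}

/* Post-fix control flow: a failed parse returns before 'in' is ever consumed. */
static status_t create_auth_request_checked(const char *header, size_t *consumed) {
    blob_t in = { stale_bytes, sizeof(stale_bytes) };
    *consumed = 0;
    if (header != NULL) {
        status_t status = parse_auth_response(header, &in);
        if (status != NT_OK) {
            return status;   /* the check the commit adds */
        }
    } else {
        in = blob_null;
    }
    *consumed = consume_token(in);
    return NT_OK;
}

/* Small result record so each scenario can be inspected as a single value. */
typedef struct { status_t status; size_t consumed; } outcome_t;

static outcome_t run_unchecked(const char *header) {
    outcome_t o;
    o.status = create_auth_request_unchecked(header, &o.consumed);
    return o;
}

static outcome_t run_checked(const char *header) {
    outcome_t o;
    o.status = create_auth_request_checked(header, &o.consumed);
    return o;
}

int main(void) {
    const char *hdr = "Basic xyz";   /* constructed: a scheme the parser does not support */
    outcome_t a = run_unchecked(hdr), b = run_checked(hdr);
    printf("unchecked: status=%d consumed=%zu (stale bytes processed)\n", a.status, a.consumed);
    printf("checked:   status=%d consumed=%zu\n", b.status, b.consumed);
    return 0;
}
```

With the unsupported "Basic xyz" header the unchecked caller reports NT_OK and a nonzero byte sum, meaning the consumer worked on the stale blob; the checked caller reports NT_NOT_SUPPORTED and consumes nothing, which is the behaviour the three added lines in the hunk below restore.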
Diffstat (limited to 'source4')

-rw-r--r-- source4/lib/http/http_auth.c  3

1 files changed, 3 insertions, 0 deletions
diff --git a/source4/lib/http/http_auth.c b/source4/lib/http/http_auth.c
index d846ec2a048..b6f102f9d8b 100644
--- a/source4/lib/http/http_auth.c
+++ b/source4/lib/http/http_auth.c
@@ -96,6 +96,9 @@ static NTSTATUS http_create_auth_request(TALLOC_CTX *mem_ctx,
if (auth_response) {
status = http_parse_auth_response(auth, auth_response, &in);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
} else {
in = data_blob_null;
}
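Review bot: The early return is the right fix for CID 1273428, but 'in' is still only assigned on the success path of http_parse_auth_response and in the else branch, so the blob stays indeterminate between the call and the new check; consider hoisting `in = data_blob_null;` above the `if (auth_response)` so the variable is always initialized regardless of which path a future change takes. A secondary point: the return is silent, so an unsupported WWW-Authenticate scheme surfaces only as NT_STATUS_NOT_SUPPORTED from the caller; a DEBUG line naming the status before `return status;` would make a failed negotiation much easier to diagnose from logs.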