There is missing check of status value in
http_auth.c:http_create_auth_request() which can leave values
inside 'DATA_BLOB in' unitialized.
http_auth.c:http_create_auth_request() calls
http_auth.c:http_parse_auth_response() which can return NT_STATUS_NOT_SUPPORTED
and which is not checked by caller and later passed as argument to other functions.
For example:
'DATA_BLOB in' can be passed to
auth/gensec/spnego.c:gensec_spnego_update() later:
...
switch (spnego_state->state_position) {
..
case SPNEGO_SERVER_START:
if (in.length) {
Signed-off-by: Robin Hack <hack.robin@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
if (auth_response) {
status = http_parse_auth_response(auth, auth_response, &in);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
} else {
in = data_blob_null;
}