lib/http/http_auth: Fix CID 1273428 - Unchecked return value
authorRobin Hack <hack.robin@gmail.com>
Tue, 26 Apr 2016 11:58:27 +0000 (13:58 +0200)
committerJeremy Allison <jra@samba.org>
Tue, 26 Apr 2016 20:48:22 +0000 (22:48 +0200)
There is missing check of status value in
http_auth.c:http_create_auth_request() which can leave values
inside 'DATA_BLOB in' unitialized.

http_auth.c:http_create_auth_request() calls
http_auth.c:http_parse_auth_response() which can return NT_STATUS_NOT_SUPPORTED
and which is not checked by caller and later passed as argument to other functions.

For example:
'DATA_BLOB in' can be passed to
auth/gensec/spnego.c:gensec_spnego_update() later:

...
switch (spnego_state->state_position) {
..
case SPNEGO_SERVER_START:
if (in.length) {

Signed-off-by: Robin Hack <hack.robin@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source4/lib/http/http_auth.c

index d846ec2a0484e2509c5e9d715f57a3536cddcba2..b6f102f9d8b49ae8e35f6752651f1a32ddf6ef8e 100644 (file)
@@ -96,6 +96,9 @@ static NTSTATUS http_create_auth_request(TALLOC_CTX *mem_ctx,
 
        if (auth_response) {
                status = http_parse_auth_response(auth, auth_response, &in);
 
        if (auth_response) {
                status = http_parse_auth_response(auth, auth_response, &in);
+               if (!NT_STATUS_IS_OK(status)) {
+                       return status;
+               }
        } else {
                in = data_blob_null;
        }
        } else {
                in = data_blob_null;
        }