------------------------------------------------------------
revno: 11706
revision-id: squid3@treenet.co.nz-20121126083253-ei0h1pdlou0nfixw
parent: squid3@treenet.co.nz-20121126083202-1atvaxpit5ynfef9
committer: Amos Jeffries
branch nick: 3.2
timestamp: Mon 2012-11-26 01:32:53 -0700
message: basic_ncsa_auth: Fix NULL-dereference crash When reading corrupt or broken user passwd files with missing username data this helper can crash. Detected by Coverity Scan. Issue 740398
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20121126083253-ei0h1pdlou0nfixw
# target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
# /SQUID_3_2
# testament_sha1: 12f76101f71d7d0dbc8f456a5e7c10605e32f611
# timestamp: 2012-11-26 08:36:53 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
# /SQUID_3_2
# base_revision_id: squid3@treenet.co.nz-20121126083202-\
# 1atvaxpit5ynfef9
#
# Begin patch
=== modified file 'helpers/basic_auth/NCSA/basic_ncsa_auth.cc'
--- helpers/basic_auth/NCSA/basic_ncsa_auth.cc 2012-02-05 06:09:46 +0000
+++ helpers/basic_auth/NCSA/basic_ncsa_auth.cc 2012-11-26 08:32:53 +0000
@@ -65,7 +65,7 @@
 read_passwd_file(const char *passwdfile)
 {
 FILE *f;
- char buf[8192];
+ char buf[HELPER_INPUT_BUFFER];
 user_data *u;
 char *user;
 char *passwd;
@@ -84,11 +84,18 @@
 fprintf(stderr, "FATAL: %s: %s\n", passwdfile, xstrerror());
 exit(1);
 }
- while (fgets(buf, 8192, f) != NULL) {
+ unsigned int lineCount = 0;
+ buf[HELPER_INPUT_BUFFER-1] = '\0';
+ while (fgets(buf, sizeof(buf)-1, f) != NULL) {
+ ++lineCount;
 if ((buf[0] == '#') || (buf[0] == ' ') || (buf[0] == '\t') || (buf[0] == '\n'))
 continue;
 user = strtok(buf, ":\n\r");
+ if (user == NULL) {
+ fprintf(stderr, "ERROR: Missing user name at %s line %d\n", passwdfile, lineCount);
+ continue;
+ }
 passwd = strtok(NULL, ":\n\r");
 if ((strlen(user) > 0) && passwd) {
 u = static_cast(xmalloc(sizeof(*u)));
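Review bot: The new `user == NULL` check in the second hunk only fires for lines made up entirely of delimiters, because `strtok(buf, ":\n\r")` skips leading `:` characters; a record whose user field is empty (a line beginning with `:`) is not reported, and its next field is taken as the user name. Since `strtok` leaves the leading byte in place, the guard could read `if (user == NULL || buf[0] == ':') {` so that such records are logged and skipped as well. The error message prints `lineCount`, declared `unsigned int`, with `%d`; `%u` matches the type. A line longer than the buffer is handed back by `fgets` in pieces, so its tail is counted as a further line and parsed as a record of its own; the loop could discard input up to the next newline when a chunk contains none. The body of read_passwd_file starts before and continues after this hunk, so how the stored entries are used is not visible here.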