------------------------------------------------------------ revno: 12392 revision-id: squid3@treenet.co.nz-20121124015847-7lbp5y6xz4uxp29y parent: squid3@treenet.co.nz-20121118113748-8h7tfoqqt3cvidba committer: Amos Jeffries branch nick: 3.3 timestamp: Fri 2012-11-23 18:58:47 -0700 message: digest_edirectory_auth: improved error handling Malicious response from LDAP server can cause squid helper to crash. Missing realm value returned from LDAP without error/missing value being indicated in the response can lead to strcmp() using a NULL pointer. Extremely unlikely to happen in practice, but worth fixing. Detected by Coverity Scan. Issue 740399 ------------------------------------------------------------ # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: squid3@treenet.co.nz-20121124015847-7lbp5y6xz4uxp29y # target_branch: http://bzr.squid-cache.org/bzr/squid3/3.3 # testament_sha1: bdc7bd9d8910511322de4970f7b34cd26e5c19c9 # timestamp: 2012-11-24 02:04:42 +0000 # source_branch: http://bzr.squid-cache.org/bzr/squid3/3.3 # base_revision_id: squid3@treenet.co.nz-20121118113748-\ # 8h7tfoqqt3cvidba # # Begin patch === modified file 'helpers/digest_auth/eDirectory/ldap_backend.cc' --- helpers/digest_auth/eDirectory/ldap_backend.cc 2012-08-28 13:00:30 +0000 +++ helpers/digest_auth/eDirectory/ldap_backend.cc 2012-11-24 01:58:47 +0000 @@ -286,7 +286,8 @@ value = values; while (*value) { if (encrpass) { - if (strcmp(strtok(*value, delimiter), realm) == 0) { + const char *t = strtok(*value, delimiter); + if (t && strcmp(t, realm) == 0) { password = strtok(NULL, delimiter); break; }
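Review bot: The second call in this hunk, `password = strtok(NULL, delimiter);`, can still return NULL when a value matches the realm but carries nothing after the delimiter, and the `break` follows immediately, so a malformed LDAP response of the kind the commit message describes leaves the loop with a NULL password. The visible context does not show whether password is checked after the loop; either confirm that the code following the loop rejects a NULL password, or test it here and continue to the next value instead of breaking. The new guard also covers only `t`: `realm` is passed to strcmp() unchecked in these lines, which is safe only if it is validated before this loop. Minor style point: `t` would read better with a name that says it holds the realm token parsed from `*value`.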