------------------------------------------------------------ revno: 13031 revision-id: squid3@treenet.co.nz-20131119224653-j474wqa23pwxsf86 parent: squid3@treenet.co.nz-20131119224548-mv48sj7b1b5ib9th fixes bug(s): http://bugs.squid-cache.org/show_bug.cgi?id=3956 author: Frederic Bourgeois committer: Amos Jeffries branch nick: 3.4 timestamp: Tue 2013-11-19 15:46:53 -0700 message: Bug 3956: xstrndup: tried to dup a NULL pointer ------------------------------------------------------------ # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: squid3@treenet.co.nz-20131119224653-j474wqa23pwxsf86 # target_branch: http://bzr.squid-cache.org/bzr/squid3/3.4 # testament_sha1: e72c5172c323373f2c16a1da7dbd9c9575dbc1a3 # timestamp: 2013-11-19 22:52:19 +0000 # source_branch: http://bzr.squid-cache.org/bzr/squid3/3.4 # base_revision_id: squid3@treenet.co.nz-20131119224548-\ # mv48sj7b1b5ib9th # # Begin patch === modified file 'src/auth/digest/auth_digest.cc' --- src/auth/digest/auth_digest.cc 2013-09-09 01:25:12 +0000 +++ src/auth/digest/auth_digest.cc 2013-11-19 22:46:53 +0000 @@ -856,37 +856,43 @@ switch (t) { case DIGEST_USERNAME: safe_free(username); - username = xstrndup(value.rawBuf(), value.size() + 1); + if (value.size() != 0) + username = xstrndup(value.rawBuf(), value.size() + 1); debugs(29, 9, HERE << "Found Username '" << username << "'"); break; case DIGEST_REALM: safe_free(digest_request->realm); - digest_request->realm = xstrndup(value.rawBuf(), value.size() + 1); + if (value.size() != 0) + digest_request->realm = xstrndup(value.rawBuf(), value.size() + 1); debugs(29, 9, HERE << "Found realm '" << digest_request->realm << "'"); break; case DIGEST_QOP: safe_free(digest_request->qop); - digest_request->qop = xstrndup(value.rawBuf(), value.size() + 1); + if (value.size() != 0) + digest_request->qop = xstrndup(value.rawBuf(), value.size() + 1); debugs(29, 9, HERE << "Found qop '" << digest_request->qop << "'"); break; case DIGEST_ALGORITHM: safe_free(digest_request->algorithm); - digest_request->algorithm = xstrndup(value.rawBuf(), value.size() + 1); + if (value.size() != 0) + digest_request->algorithm = xstrndup(value.rawBuf(), value.size() + 1); debugs(29, 9, HERE << "Found algorithm '" << digest_request->algorithm << "'"); break; case DIGEST_URI: safe_free(digest_request->uri); - digest_request->uri = xstrndup(value.rawBuf(), value.size() + 1); + if (value.size() != 0) + digest_request->uri = xstrndup(value.rawBuf(), value.size() + 1); debugs(29, 9, HERE << "Found uri '" << digest_request->uri << "'"); break; case DIGEST_NONCE: safe_free(digest_request->nonceb64); - digest_request->nonceb64 = xstrndup(value.rawBuf(), value.size() + 1); + if (value.size() != 0) + digest_request->nonceb64 = xstrndup(value.rawBuf(), value.size() + 1); debugs(29, 9, HERE << "Found nonce '" << digest_request->nonceb64 << "'"); break; @@ -900,13 +906,15 @@ case DIGEST_CNONCE: safe_free(digest_request->cnonce); - digest_request->cnonce = xstrndup(value.rawBuf(), value.size() + 1); + if (value.size() != 0) + digest_request->cnonce = xstrndup(value.rawBuf(), value.size() + 1); debugs(29, 9, HERE << "Found cnonce '" << digest_request->cnonce << "'"); break; case DIGEST_RESPONSE: safe_free(digest_request->response); - digest_request->response = xstrndup(value.rawBuf(), value.size() + 1); + if (value.size() != 0) + digest_request->response = xstrndup(value.rawBuf(), value.size() + 1); debugs(29, 9, HERE << "Found response '" << digest_request->response << "'"); break;