Fix a null-pointer dereference in establish_http_proxy_passthru()

Prevents that the client crashes if the peer does not specify the 'realm' and/or 'nonce' values. These pointers are dereferenced in DigestCalcHA1() and DigestCalcResponse(); hence, if not set, a null-pointer dereference would occur. Signed-off-by: Guido Vranken <guidovranken@gmail.com> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1497574736-2092-1-git-send-email-gv@guidovranken.nl> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14844.html Signed-off-by: Gert Doering <gert@greenie.muc.de> (cherry picked from commit 14865773ad64d861128bc80ad44c37bdc307c996)
2025-05-09 05:31:05 +08:00 · 2017-06-16 02:58:56 +02:00 · 2017-06-16 02:58:56 +02:00 · 479b6d13d8
commit 479b6d13d8
parent 2368072763
1 changed files with 6 additions and 0 deletions
--- a/src/openvpn/proxy.c
+++ b/src/openvpn/proxy.c
@ -725,6 +725,12 @@ establish_http_proxy_passthru (struct http_proxy_info *p,
 	      const char *algor = get_pa_var("algorithm", pa, &gc);
 	      const char *opaque = get_pa_var("opaque", pa, &gc);

+	      if ( !realm || !nonce )
+		{
+		  msg(D_LINK_ERRORS, "HTTP proxy: digest auth failed, malformed response from server: realm= or nonce= missing" );
+		  goto error;
+		}
+
 	      /* generate a client nonce */
 	      ASSERT(rand_bytes(cnonce_raw, sizeof(cnonce_raw)));
 	      cnonce = make_base64_string2(cnonce_raw, sizeof(cnonce_raw), &gc);