diff options
| author | Guido Vranken | 2017-06-16 02:58:56 +0200 |
|---|---|---|
| committer | Gert Doering | 2017-06-16 09:08:31 +0200 |
| commit | 14865773ad64d861128bc80ad44c37bdc307c996 (patch) | |
| tree | f3c3f788be8751118d4c2ef145cf3585f8810108 /src | |
| parent | e6bf7e033d063535a4414a4cf49c8f367ecdbb4f (diff) | |
| download | openvpn-14865773ad64d861128bc80ad44c37bdc307c996.zip openvpn-14865773ad64d861128bc80ad44c37bdc307c996.tar.gz | |
Fix a null-pointer dereference in establish_http_proxy_passthru()
Prevents that the client crashes if the peer does not specify
the 'realm' and/or 'nonce' values. These pointers are
dereferenced in DigestCalcHA1() and DigestCalcResponse();
hence, if not set, a null-pointer dereference would occur.
Signed-off-by: Guido Vranken <guidovranken@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1497574736-2092-1-git-send-email-gv@guidovranken.nl>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14844.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'src')
| -rw-r--r-- | src/openvpn/proxy.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c index 05f362d..46cb2bb 100644 --- a/src/openvpn/proxy.c +++ b/src/openvpn/proxy.c @@ -875,6 +875,13 @@ establish_http_proxy_passthru(struct http_proxy_info *p, const char *algor = get_pa_var("algorithm", pa, &gc); const char *opaque = get_pa_var("opaque", pa, &gc); + if ( !realm || !nonce ) + { + msg(D_LINK_ERRORS, "HTTP proxy: digest auth failed, malformed response " + "from server: realm= or nonce= missing" ); + goto error; + } + /* generate a client nonce */ ASSERT(rand_bytes(cnonce_raw, sizeof(cnonce_raw))); cnonce = make_base64_string2(cnonce_raw, sizeof(cnonce_raw), &gc); |