mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
samba-mirror/source4/lib
Robin Hack 9a7a38a6dd lib/http/http_auth: Fix CID 1273428 - Unchecked return value
There is a missing check of the status value in
http_auth.c:http_create_auth_request() which can leave values
inside 'DATA_BLOB in' uninitialized.

http_auth.c:http_create_auth_request() calls
http_auth.c:http_parse_auth_response() which can return NT_STATUS_NOT_SUPPORTED
and which is not checked by the caller and later passed as an argument to other functions.

For example:
'DATA_BLOB in' can be passed to
auth/gensec/spnego.c:gensec_spnego_update() later:

...
switch (spnego_state->state_position) {
..
	case SPNEGO_SERVER_START:
		if (in.length) {

Signed-off-by: Robin Hack <hack.robin@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-04-26 22:48:22 +02:00
cmdline s4-lib/cmdline: Fix help for -P / --machine-pass: this no longer implies -k 2015-03-06 17:39:58 +01:00
com lib/dcom: use HRESULT in dcom_create_object. 2015-07-31 01:55:28 +02:00
events s4:lib/events: remove unused allow_warnings=True 2014-11-25 07:25:46 +01:00
http lib/http/http_auth: Fix CID 1273428 - Unchecked return value 2016-04-26 22:48:22 +02:00
messaging build: mark explicit dependencies on pytalloc-util 2016-03-15 07:08:16 +01:00
policy s4-libgpo: fix gcc6 build warning. 2016-02-06 21:48:18 +01:00
registry s4:lib:registry: fix 'Conditional jump or move' valgrind error. 2016-04-25 10:35:14 +02:00
samba3 s4-lib/samba3: Remove unused smbpasswd_decode_acb_info() 2012-02-10 16:45:13 +11:00
socket dlist: remove unneeded type argument from DLIST_ADD_END() 2016-02-06 21:48:17 +01:00
stream dlist: remove unneeded type argument from DLIST_ADD_END() 2016-02-06 21:48:17 +01:00
tls CVE-2016-2113: s4:lib/tls: implement infrastructure to do peer verification 2016-04-12 19:25:25 +02:00
wmi s4/lib/wmi_wrap: use HAVE___ATTRIBUTE__ instead of __GNUC__ 2016-03-24 15:13:15 +01:00