Fix a null-pointer dereference in establish_http_proxy_passthru()

Prevents that the client crashes if the peer does not specify the 'realm' and/or 'nonce' values. These pointers are dereferenced in DigestCalcHA1() and DigestCalcResponse(); hence, if not set, a null-pointer dereference would occur. Signed-off-by: Guido Vranken <[email protected]> Acked-by: Gert Doering <[email protected]> Message-Id: <[email protected]> URL: https://www.mail-archive.com/[email protected]/msg14844.html Signed-off-by: Gert Doering <[email protected]>
julek-wolfssl · Jun 16, 2017 · 1486577 · 1486577
1 parent e6bf7e0
commit 1486577
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c
@@ -875,6 +875,13 @@ establish_http_proxy_passthru(struct http_proxy_info *p,
                 const char *algor = get_pa_var("algorithm", pa, &gc);
                 const char *opaque = get_pa_var("opaque", pa, &gc);
 
+                if ( !realm || !nonce )
+                {
+                    msg(D_LINK_ERRORS, "HTTP proxy: digest auth failed, malformed response "
+                            "from server: realm= or nonce= missing" );
+                    goto error;
+                }
+
                 /* generate a client nonce */
                 ASSERT(rand_bytes(cnonce_raw, sizeof(cnonce_raw)));
                 cnonce = make_base64_string2(cnonce_raw, sizeof(cnonce_raw), &gc);