summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@wolfbeast.com>2020-01-09 22:35:03 +0100
committerwolfbeast <mcwerewolf@wolfbeast.com>2020-01-09 22:35:03 +0100
commit0186023f4adebc5ff1bfc4ac4a3f3870d7dd68af (patch)
tree6482fdf98233ee81da47e9cf97931335a073bfc4
parent51b1cd97aa1c9204d22535038ad1463d89f93232 (diff)
downloadUXP-0186023f4adebc5ff1bfc4ac4a3f3870d7dd68af.tar
UXP-0186023f4adebc5ff1bfc4ac4a3f3870d7dd68af.tar.gz
UXP-0186023f4adebc5ff1bfc4ac4a3f3870d7dd68af.tar.lz
UXP-0186023f4adebc5ff1bfc4ac4a3f3870d7dd68af.tar.xz
UXP-0186023f4adebc5ff1bfc4ac4a3f3870d7dd68af.zip
Handle missing base64 challenge in NegotiateAuth and NTLMAuth.
-rw-r--r--extensions/auth/nsHttpNegotiateAuth.cpp5
-rw-r--r--netwerk/protocol/http/nsHttpNTLMAuth.cpp4
2 files changed, 6 insertions, 3 deletions
diff --git a/extensions/auth/nsHttpNegotiateAuth.cpp b/extensions/auth/nsHttpNegotiateAuth.cpp
index adea54b85..8b6be915e 100644
--- a/extensions/auth/nsHttpNegotiateAuth.cpp
+++ b/extensions/auth/nsHttpNegotiateAuth.cpp
@@ -530,8 +530,11 @@ nsHttpNegotiateAuth::GenerateCredentials(nsIHttpAuthenticableChannel *authChanne
challenge++;
len = strlen(challenge);
+ if (!len)
+ return NS_ERROR_UNEXPECTED;
+
// strip off any padding (see bug 230351)
- while (challenge[len - 1] == '=')
+ while (len && challenge[len - 1] == '=')
len--;
//
diff --git a/netwerk/protocol/http/nsHttpNTLMAuth.cpp b/netwerk/protocol/http/nsHttpNTLMAuth.cpp
index aa5b1f8f7..86bfcf4d1 100644
--- a/netwerk/protocol/http/nsHttpNTLMAuth.cpp
+++ b/netwerk/protocol/http/nsHttpNTLMAuth.cpp
@@ -486,8 +486,8 @@ nsHttpNTLMAuth::GenerateCredentials(nsIHttpAuthenticableChannel *authChannel,
len -= 5;
// strip off any padding (see bug 230351)
- while (challenge[len - 1] == '=')
- len--;
+ while (len && challenge[len - 1] == '=')
+ len--;
// decode into the input secbuffer
rv = Base64Decode(challenge, len, (char**)&inBuf, &inBufLen);