From 157b45b3bb9881277df992f32bcdf56634855747 Mon Sep 17 00:00:00 2001 From: Fedor Date: Tue, 21 Jan 2020 14:01:19 +0300 Subject: [PATCH] Handle missing base64 challenge in NegotiateAuth and NTLMAuth. --- extensions/auth/nsHttpNegotiateAuth.cpp | 5 ++++- netwerk/protocol/http/nsHttpNTLMAuth.cpp | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/extensions/auth/nsHttpNegotiateAuth.cpp b/extensions/auth/nsHttpNegotiateAuth.cpp index adea54b85..8b6be915e 100644 --- a/extensions/auth/nsHttpNegotiateAuth.cpp +++ b/extensions/auth/nsHttpNegotiateAuth.cpp @@ -530,8 +530,11 @@ nsHttpNegotiateAuth::GenerateCredentials(nsIHttpAuthenticableChannel *authChanne challenge++; len = strlen(challenge); + if (!len) + return NS_ERROR_UNEXPECTED; + // strip off any padding (see bug 230351) - while (challenge[len - 1] == '=') + while (len && challenge[len - 1] == '=') len--; // diff --git a/netwerk/protocol/http/nsHttpNTLMAuth.cpp b/netwerk/protocol/http/nsHttpNTLMAuth.cpp index aa5b1f8f7..86bfcf4d1 100644 --- a/netwerk/protocol/http/nsHttpNTLMAuth.cpp +++ b/netwerk/protocol/http/nsHttpNTLMAuth.cpp @@ -486,8 +486,8 @@ nsHttpNTLMAuth::GenerateCredentials(nsIHttpAuthenticableChannel *authChannel, len -= 5; // strip off any padding (see bug 230351) - while (challenge[len - 1] == '=') - len--; + while (len && challenge[len - 1] == '=') + len--; // decode into the input secbuffer rv = Base64Decode(challenge, len, (char**)&inBuf, &inBufLen);