1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
Description: Repair a use critical segmentation fault in auth.c
Upstream implements 'Digest' authentication as an empty
stub in ndAuthParamCreateDigest(), only returning NULL,
which upon dereferencing causes a segmentation fault.
.
The handler ndAuthParamCreate() is extended to check for
a failed method registration. The handler then gets to
return a NULL pointer on its own, which is soundly
managed in earlier parts of the code.
.
The stub ndAuthParamCreateDigest() still gets to return NULL,
but now outputs an error message claiming lack of support.
Forwarded: yes
Bug-Debian: http://bugs.debian.org/366914
Author: Mats Erik Andersson <mats.andersson@gisladisker.se>
--- nd-0.8.2.orig/auth.c 2003-10-15 01:45:26.000000000 +0200
+++ nd-0.8.2/auth.c 2009-12-15 13:47:09.000000000 +0100
@@ -125,6 +125,10 @@ ndAuthParamCreate (hauth, p)
/* Init Param */
param = hauth->param_fn ();
+
+ if ( param == NULL )
+ return NULL;
+
while (*p != '\0') {
SKIP_BLANKS(p);
for (ap = param; ap->name != NULL; ap++)
@@ -214,6 +218,8 @@ ndAuthParamPtr
ndAuthParamCreateDigest ()
{
/* Not Implemented */
+ fprintf(stderr, "Authentication needs 'Digest' method, which is not implemented yet.\n");
+
return NULL;
}
|
