curl-library
Uninitialized variable in http_ntlm.c
From: Michael Mueller <mmueller_at_vigilantsw.com>
Date: Tue, 19 Jul 2011 13:38:28 -0700
Hi all,
Sentry (our static analysis tool) found an uninitialized variable bug
in libcurl last night. In the function CURLcode sso_ntlm_initiate,
the code in question (introduced in commit a6d4807):
      const char *ntlm_auth;
      ...
    #ifdef DEBUGBUILD
      ntlm_auth=getenv("NTLM_AUTH");
    #endif
-->   if(!ntlm_auth)
        ntlm_auth = NTLM_AUTH;
Here ntlm_auth is only initialized if the DEBUGBUILD macro is defined,
otherwise it will be used uninitialized in the 'if' statement that
follows. This could result in undefined behavior when ntlm_auth is
eventually dereferenced.
Suggested fix:
- const char *ntlm_auth;
+ const char *ntlm_auth = NULL;
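Review bot: the `= NULL` initializer on the declaration is overwritten straight away by the getenv("NTLM_AUTH") assignment whenever DEBUGBUILD is defined, so it only takes effect in the non-debug build. That is harmless and the one-line change does close the uninitialized read at `if(!ntlm_auth)`. If the project prefers the two build paths to be explicit, an `#else` branch that sets `ntlm_auth = NULL;` next to the `#ifdef DEBUGBUILD` block would express the same thing where the conditional lives. Either form leaves non-debug builds always falling through to `ntlm_auth = NTLM_AUTH;`, which reads as the intended default.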
Best,
Mike
--
Mike Mueller
Phone: (401) 405-1525
Email: mmueller_at_vigilantsw.com
http://www.vigilantsw.com/
Software Analysis for C and C++
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2011-07-19