search

siva-msft / curl

Other
0 stars 0 forks source link

Potential security issue in lib/vauth/digest_sspi.c: Unchecked return from initialization function #32

Closed monocle-ai closed 4 years ago

monocle-ai commented 4 years ago

What is a Conditionally Uninitialized Variable? The return value of a function that is potentially used to initialize a local variable is not checked. Therefore, reading the local variable may result in undefined behavior.

5 instances of this defect were found in the following locations:

Instance 1 File : lib/vauth/digest_sspi.c Function: Curl_auth_create_digest_md5_message https://github.com/siva-msft/curl/blob/6374c826c173e84ef964c4316686bef5481516a7/lib/vauth/digest_sspi.c#L220 Code extract:


  if(status == SEC_I_COMPLETE_NEEDED ||
     status == SEC_I_COMPLETE_AND_CONTINUE)
    s_pSecFn->CompleteAuthToken(&credentials, &resp_desc); <------ HERE
  else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) {
    s_pSecFn->FreeCredentialsHandle(&credentials);

Instance 2 File : lib/vauth/digest_sspi.c Function: Curl_auth_create_digest_md5_message https://github.com/siva-msft/curl/blob/6374c826c173e84ef964c4316686bef5481516a7/lib/vauth/digest_sspi.c#L222 Code extract:

     status == SEC_I_COMPLETE_AND_CONTINUE)
    s_pSecFn->CompleteAuthToken(&credentials, &resp_desc);
  else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) {
    s_pSecFn->FreeCredentialsHandle(&credentials); <------ HERE
    Curl_sspi_free_identity(p_identity);
    free(spn);

Instance 3 File : lib/vauth/digest_sspi.c Function: Curl_auth_create_digest_http_message https://github.com/siva-msft/curl/blob/6374c826c173e84ef964c4316686bef5481516a7/lib/vauth/digest_sspi.c#L585 Code extract:


    spn = Curl_convert_UTF8_to_tchar((char *) uripath);
    if(!spn) {
      s_pSecFn->FreeCredentialsHandle(&credentials); <------ HERE

      Curl_sspi_free_identity(p_identity);

Instance 4 File : lib/vauth/digest_sspi.c Function: Curl_auth_create_digest_http_message https://github.com/siva-msft/curl/blob/6374c826c173e84ef964c4316686bef5481516a7/lib/vauth/digest_sspi.c#L609 Code extract:


    if(status == SEC_I_COMPLETE_NEEDED ||
       status == SEC_I_COMPLETE_AND_CONTINUE)
      s_pSecFn->CompleteAuthToken(&credentials, &resp_desc); <------ HERE
    else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) {
      s_pSecFn->FreeCredentialsHandle(&credentials);

Instance 5 File : lib/vauth/digest_sspi.c Function: Curl_auth_create_digest_http_message https://github.com/siva-msft/curl/blob/6374c826c173e84ef964c4316686bef5481516a7/lib/vauth/digest_sspi.c#L611 Code extract:

       status == SEC_I_COMPLETE_AND_CONTINUE)
      s_pSecFn->CompleteAuthToken(&credentials, &resp_desc);
    else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) {
      s_pSecFn->FreeCredentialsHandle(&credentials); <------ HERE

      Curl_sspi_free_identity(p_identity);