From 214ba9e83a99bdd750510d83e1743b7ce62d9a2b Mon Sep 17 00:00:00 2001 From: Shane Kearns Date: Fri, 9 Dec 2011 11:49:50 +0000 Subject: Fix null pointer dereference in NTLM authentication If NTLM authentication is required for the URL with an empty path, then QNetworkAuthenticationCache::findClosestMatch(url.path()) returns 0. e.g. "http://10.1.2.3". Return a default constructed credential in this case. Change-Id: I84ad3b308ee3f74fbbac9ad0f11dbdc66047b50b Reviewed-by: Robin Burchell Reviewed-by: Martin Petersson (cherry picked from commit b830c9cededf995fab1b0919a81658ceaec8d422) --- src/network/access/qnetworkaccessauthenticationmanager.cpp | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/network/access/qnetworkaccessauthenticationmanager.cpp b/src/network/access/qnetworkaccessauthenticationmanager.cpp index 1b15cf9..b618ccc 100644 --- a/src/network/access/qnetworkaccessauthenticationmanager.cpp +++ b/src/network/access/qnetworkaccessauthenticationmanager.cpp @@ -283,9 +283,12 @@ QNetworkAccessAuthenticationManager::fetchCachedCredentials(const QUrl &url, QNetworkAuthenticationCache *auth = static_cast(authenticationCache.requestEntryNow(cacheKey)); - QNetworkAuthenticationCredential cred = *auth->findClosestMatch(url.path()); + QNetworkAuthenticationCredential *cred = auth->findClosestMatch(url.path()); + QNetworkAuthenticationCredential ret; + if (cred) + ret = *cred; authenticationCache.releaseEntry(cacheKey); - return cred; + return ret; } void QNetworkAccessAuthenticationManager::clearCache() -- cgit v0.12 From 43d4faf686da7d553171d7c8894c2825b4572dd6 Mon Sep 17 00:00:00 2001 From: Shane Kearns Date: Fri, 9 Dec 2011 12:06:04 +0000 Subject: Fix NTLM authentication with email address When using "user@dns-domain" for NTLM authentication, the whole string should be sent as the username, and the domain should be set to an empty string. The domain sent by the server is still reflected if the username does not contain an '@' character. Manually tested using MS IIS on a domain-joined PC. Task-number: QTBUG-19894 Task-number: ou1cimx1#949951 Change-Id: Ie1f81172e71cb7cce7b8c909062be990c24aea47 Reviewed-by: Martin Petersson (cherry picked from commit f74ff46c7a333d771b07d8ff38df10d9fd13bbcf) --- src/network/kernel/qauthenticator.cpp | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/src/network/kernel/qauthenticator.cpp b/src/network/kernel/qauthenticator.cpp index 0423e22..7b63567 100644 --- a/src/network/kernel/qauthenticator.cpp +++ b/src/network/kernel/qauthenticator.cpp @@ -220,12 +220,6 @@ void QAuthenticator::setUser(const QString &user) d->userDomain = user.left(separatorPosn); d->extractedUser = user.mid(separatorPosn + 1); d->user = user; - } else if((separatorPosn = user.indexOf(QLatin1String("@"))) != -1) { - //domain name is present - d->realm.clear(); - d->userDomain = user.mid(separatorPosn + 1); - d->extractedUser = user.left(separatorPosn); - d->user = user; } else { d->extractedUser = user; d->user = user; @@ -1381,8 +1375,9 @@ static QByteArray qNtlmPhase3(QAuthenticatorPrivate *ctx, const QByteArray& phas int offset = QNtlmPhase3BlockBase::Size; Q_ASSERT(QNtlmPhase3BlockBase::Size == sizeof(QNtlmPhase3BlockBase)); - - if(ctx->userDomain.isEmpty()) { + + // for kerberos style user@domain logins, NTLM domain string should be left empty + if (ctx->userDomain.isEmpty() && !ctx->extractedUser.contains(QLatin1Char('@'))) { offset = qEncodeNtlmString(pb.domain, offset, ch.targetNameStr, unicode); pb.domainStr = ch.targetNameStr; } else { -- cgit v0.12