From 214ba9e83a99bdd750510d83e1743b7ce62d9a2b Mon Sep 17 00:00:00 2001 From: Shane Kearns Date: Fri, 9 Dec 2011 11:49:50 +0000 Subject: Fix null pointer dereference in NTLM authentication If NTLM authentication is required for the URL with an empty path, then QNetworkAuthenticationCache::findClosestMatch(url.path()) returns 0. e.g. "http://10.1.2.3". Return a default constructed credential in this case. Change-Id: I84ad3b308ee3f74fbbac9ad0f11dbdc66047b50b Reviewed-by: Robin Burchell Reviewed-by: Martin Petersson (cherry picked from commit b830c9cededf995fab1b0919a81658ceaec8d422) --- src/network/access/qnetworkaccessauthenticationmanager.cpp | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/network/access/qnetworkaccessauthenticationmanager.cpp b/src/network/access/qnetworkaccessauthenticationmanager.cpp index 1b15cf9..b618ccc 100644 --- a/src/network/access/qnetworkaccessauthenticationmanager.cpp +++ b/src/network/access/qnetworkaccessauthenticationmanager.cpp @@ -283,9 +283,12 @@ QNetworkAccessAuthenticationManager::fetchCachedCredentials(const QUrl &url, QNetworkAuthenticationCache *auth = static_cast(authenticationCache.requestEntryNow(cacheKey)); - QNetworkAuthenticationCredential cred = *auth->findClosestMatch(url.path()); + QNetworkAuthenticationCredential *cred = auth->findClosestMatch(url.path()); + QNetworkAuthenticationCredential ret; + if (cred) + ret = *cred; authenticationCache.releaseEntry(cacheKey); - return cred; + return ret; } void QNetworkAccessAuthenticationManager::clearCache() -- cgit v0.12 From 43d4faf686da7d553171d7c8894c2825b4572dd6 Mon Sep 17 00:00:00 2001 From: Shane Kearns Date: Fri, 9 Dec 2011 12:06:04 +0000 Subject: Fix NTLM authentication with email address When using "user@dns-domain" for NTLM authentication, the whole string should be sent as the username, and the domain should be set to an empty string. The domain sent by the server is still reflected if the username does not contain an '@' character. Manually tested using MS IIS on a domain-joined PC. Task-number: QTBUG-19894 Task-number: ou1cimx1#949951 Change-Id: Ie1f81172e71cb7cce7b8c909062be990c24aea47 Reviewed-by: Martin Petersson (cherry picked from commit f74ff46c7a333d771b07d8ff38df10d9fd13bbcf) --- src/network/kernel/qauthenticator.cpp | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/src/network/kernel/qauthenticator.cpp b/src/network/kernel/qauthenticator.cpp index 0423e22..7b63567 100644 --- a/src/network/kernel/qauthenticator.cpp +++ b/src/network/kernel/qauthenticator.cpp @@ -220,12 +220,6 @@ void QAuthenticator::setUser(const QString &user) d->userDomain = user.left(separatorPosn); d->extractedUser = user.mid(separatorPosn + 1); d->user = user; - } else if((separatorPosn = user.indexOf(QLatin1String("@"))) != -1) { - //domain name is present - d->realm.clear(); - d->userDomain = user.mid(separatorPosn + 1); - d->extractedUser = user.left(separatorPosn); - d->user = user; } else { d->extractedUser = user; d->user = user; @@ -1381,8 +1375,9 @@ static QByteArray qNtlmPhase3(QAuthenticatorPrivate *ctx, const QByteArray& phas int offset = QNtlmPhase3BlockBase::Size; Q_ASSERT(QNtlmPhase3BlockBase::Size == sizeof(QNtlmPhase3BlockBase)); - - if(ctx->userDomain.isEmpty()) { + + // for kerberos style user@domain logins, NTLM domain string should be left empty + if (ctx->userDomain.isEmpty() && !ctx->extractedUser.contains(QLatin1Char('@'))) { offset = qEncodeNtlmString(pb.domain, offset, ch.targetNameStr, unicode); pb.domainStr = ch.targetNameStr; } else { -- cgit v0.12 From b249e4c32d697ef56c196bb2a14a18319100f127 Mon Sep 17 00:00:00 2001 From: Gareth Stockwell Date: Tue, 13 Dec 2011 12:24:14 +0000 Subject: Default to QDir::homePath() in Symbian native file dialogs Symbian places restrictions on the directories in which the native file dialog can browse. If the path passed to QFileDialog::getXxxFileName() is inaccessible, the implementation defaults to a path which is accessible. Previously, this default path was QDir::rootPath(). Changes to the Symbian file engine in Qt 4.8 mean that this now returns "C:\" which is inaccesible to the file dialog. This patch changes the default path to QDir::homePath(), which returns "C:\data". Task-number: ou1cimx1#947939 Reviewed-by: Miikka Heikkinen --- src/gui/dialogs/qfiledialog_symbian.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/gui/dialogs/qfiledialog_symbian.cpp b/src/gui/dialogs/qfiledialog_symbian.cpp index 1ffbf1d..01c7b9b 100644 --- a/src/gui/dialogs/qfiledialog_symbian.cpp +++ b/src/gui/dialogs/qfiledialog_symbian.cpp @@ -143,8 +143,8 @@ static QString launchSymbianDialog(const QString dialogCaption, const QString st tryCount = 0; } else { // Symbian native file dialog doesn't allow accessing files outside C:/Data - // It will always leave in that case, so default into QDir::rootPath() in error cases. - QString dir = QDir::toNativeSeparators(QDir::rootPath()); + // It will always leave in that case, so default into QDir::homePath() in error cases. + QString dir = QDir::toNativeSeparators(QDir::homePath()); startFolder = qt_QString2TPtrC(dir); } } -- cgit v0.12