mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1732249 - Check if secInfo->GetServerCert returns a null cert r=necko-reviewers,kershaw 

Differential Revision: https://phabricator.services.mozilla.com/D126453
This commit is contained in:
Valentin Gosu 2021-09-23 09:00:18 +00:00
Родитель b8d1653388
Коммит 373cbe05bd
1 изменённых файлов: 14 добавлений и 14 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

28
netwerk/protocol/http/nsHttpNTLMAuth.cpp
Просмотреть файл

@ -301,6 +301,8 @@ nsHttpNTLMAuth::GenerateCredentials(
rv = module->Init(serviceName, reqFlags, domain, user, pass); rv = module->Init(serviceName, reqFlags, domain, user, pass);
if (NS_FAILED(rv)) return rv; if (NS_FAILED(rv)) return rv;
inBufLen = 0;
inBuf = nullptr;
// This update enables updated Windows machines (Win7 or patched previous // This update enables updated Windows machines (Win7 or patched previous
// versions) and Linux machines running Samba (updated for Channel // versions) and Linux machines running Samba (updated for Channel
// Binding), to perform Channel Binding when authenticating using NTLMv2 // Binding), to perform Channel Binding when authenticating using NTLMv2
@ -308,6 +310,7 @@ nsHttpNTLMAuth::GenerateCredentials(
// //
// Currently only implemented for Windows, linux support will be landing in // Currently only implemented for Windows, linux support will be landing in
// a separate patch, update this #ifdef accordingly then. // a separate patch, update this #ifdef accordingly then.
// Extended protection update is just for Linux and Windows machines.
#if defined(XP_WIN) /* || defined (LINUX) */ #if defined(XP_WIN) /* || defined (LINUX) */
// We should retrieve the server certificate and compute the CBT, // We should retrieve the server certificate and compute the CBT,
// but only when we are using the native NTLM implementation and // but only when we are using the native NTLM implementation and
@ -330,22 +333,19 @@ nsHttpNTLMAuth::GenerateCredentials(
rv = secInfo->GetServerCert(getter_AddRefs(cert)); rv = secInfo->GetServerCert(getter_AddRefs(cert));
if (NS_FAILED(rv)) return rv; if (NS_FAILED(rv)) return rv;
certArray.emplace(); if (cert) {
rv = cert->GetRawDER(*certArray); certArray.emplace();
if (NS_FAILED(rv)) return rv; rv = cert->GetRawDER(*certArray);
if (NS_FAILED(rv)) {
return rv;
}
// If there is a server certificate, we pass it along the // If there is a server certificate, we pass it along the
// first time we call GetNextToken(). // first time we call GetNextToken().
inBufLen = certArray->Length(); inBufLen = certArray->Length();
inBuf = certArray->Elements(); inBuf = certArray->Elements();
} else { }
// If there is no server certificate, we don't pass anything.
inBufLen = 0;
inBuf = nullptr;
} }
#else // Extended protection update is just for Linux and Windows machines.
inBufLen = 0;
inBuf = nullptr;
#endif #endif
} else { } else {
// decode challenge; skip past "NTLM " to the start of the base64 // decode challenge; skip past "NTLM " to the start of the base64