fix crashes in HTTP auth (41404, 41517, r=waterson, a=leaf)

2000-06-05 15:19:32 +00:00 · 2000-06-05 15:19:32 +00:00 · a7f35f0b8d
--- a/netwerk/protocol/http/src/nsBasicAuth.cpp
+++ b/netwerk/protocol/http/src/nsBasicAuth.cpp
@ -61,9 +61,8 @@ nsBasicAuth::Authenticate(nsIURI* i_URI, const char *protocol,
    if (iPass) {
        cPass.AssignWithConversion(iPass);
    }
-    char* tempBuff = (char *)nsMemory::Alloc(cUser.Length() + 
-                                                iPass ? (cPass.Length() + 2) 
-                                                      : 1);
+    PRUint32 length = cUser.Length() + (iPass ? (cPass.Length() + 2) : 1);
+    char* tempBuff = (char *)nsMemory::Alloc(length);
    if (!tempBuff)
        return NS_ERROR_OUT_OF_MEMORY;
    strcpy(tempBuff, cUser.GetBuffer());
@ -72,7 +71,7 @@ nsBasicAuth::Authenticate(nsIURI* i_URI, const char *protocol,
        strcat(tempBuff, cPass.GetBuffer());
    }

-    char *base64Buff = PL_Base64Encode(tempBuff, 0, nsnull); 
+    char *base64Buff = PL_Base64Encode(tempBuff, length, nsnull); 
    if (!base64Buff) {
        nsMemory::Free(tempBuff);
        return NS_ERROR_FAILURE; // ??
--- a/netwerk/protocol/http/src/nsHTTPChannel.cpp
+++ b/netwerk/protocol/http/src/nsHTTPChannel.cpp
@ -1849,7 +1849,7 @@ nsHTTPChannel::Authenticate(const char *iChallenge, PRBool iProxyAuth)
      do_GetServiceFromCategory("http-auth", authType, &rv);
    if (NS_FAILED(rv))
      // XXX report "Authentication-type not supported: %s"
-      return rv;
+      return NS_ERROR_FAILURE;

    nsXPIDLString userBuf, passwdBuf;
    // save me, waterson!
@ -1894,9 +1894,7 @@ nsHTTPChannel::Authenticate(const char *iChallenge, PRBool iProxyAuth)
            return rv;
    }

-    if (!userBuf[0] &&
-        (interactionType == nsIAuthenticator::INTERACTION_STANDARD ||
-         interactionType == nsIAuthenticator::INTERACTION_NONE)) {
+    if (!userBuf && interactionType == nsIAuthenticator::INTERACTION_STANDARD) {
        /* can't proceed without at least a username, can we? */
        return NS_ERROR_FAILURE;
    }
@ -1915,7 +1913,7 @@ nsHTTPChannel::Authenticate(const char *iChallenge, PRBool iProxyAuth)
    // For security/privacy purposes, a response to an authenticated request is
    // not cached, except perhaps in the memory cache.
    // XXX if we had username and passwd in user-auth, and the interaction
-    // XXX was standard or none, then it's safe to cache, I think (shaver)
+    // XXX was standard, then it's safe to cache, I think (shaver)
    mLoadAttributes |= nsIChannel::INHIBIT_PERSISTENT_CACHING;

    // This smells like a clone function... maybe there is a