Safeguard against NULL in strcmp
author Mark Nauwelaerts <mark.nauwelaerts@collabora.co.uk>
Tue, 31 Jan 2012 11:02:45 +0000 (12:02 +0100)
committer Simon McVittie <simon.mcvittie@collabora.co.uk>
Wed, 8 Feb 2012 10:06:50 +0000 (10:06 +0000)
[In both of these cases, the situation being guarded against is:
check_password() is called, but soup_message_headers_get_one() does not find
an "Authorization" header. -smcv]

Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Dan Winship <danw@gnome.org>
Bug: https://bugzilla.gnome.org/show_bug.cgi?id=669479
Bug-NB: NB#297634

libsoup/soup-auth-domain-basic.c
libsoup/soup-auth-domain-digest.c

index 49f8244..db3d6d5 100644 (file)
@@ -268,7 +268,7 @@ parse_basic (SoupMessage *msg, const char *header,
        char *decoded, *colon;
        gsize len, plen;
 
-       if (strncmp (header, "Basic ", 6) != 0)
+       if (!header || (strncmp (header, "Basic ", 6) != 0))
                return FALSE;
 
        decoded = (char *)g_base64_decode (header + 6, &len);
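Review bot: parse_basic now tolerates a NULL header, but nothing at the `if (!header || ...)` line or on the `const char *header` parameter documents that. Add a one-line comment saying header is NULL when the request carries no Authorization header, and that returning FALSE quietly is intended. Otherwise a later cleanup could swap the test for g_return_val_if_fail, which would log a critical warning for what is ordinary unauthenticated request input. The extra parentheses around the strncmp comparison are not needed.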
index cee7745..203b9f2 100644 (file)
@@ -431,7 +431,7 @@ check_password (SoupAuthDomain *domain,
 
        header = soup_message_headers_get_one (msg->request_headers,
                                               "Authorization");
-       if (strncmp (header, "Digest ", 7) != 0)
+       if (!header || (strncmp (header, "Digest ", 7) != 0))
                return FALSE;
 
        params = soup_header_parse_param_list (header + 7);
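Review bot: No regression test accompanies the `!header ||` guard in check_password; the change touches only soup-auth-domain-basic.c and soup-auth-domain-digest.c. Since the NULL comes straight from soup_message_headers_get_one on a request without an "Authorization" header, a test that runs the password check against such a message, for both the Basic and Digest domains, would keep this path from regressing. The same NULL-then-prefix test is now written out separately in both files, so a small shared helper that takes the header and the scheme prefix would stop the two copies from drifting apart.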