OK florian On 3 November 2019 10:57:58 CET, Clemens Goessnitzer <[email protected]> wrote: >Is this NULL check needed? clt_pass is checked for being NULL and >dereferenced >four lines above: > > if ((clt_pass = strchr(decoded, ':')) == NULL) > goto done; > > clt_user = decoded; > *clt_pass++ = '\0'; > if ((clt->clt_remote_user = strdup(clt_user)) == NULL) > goto done; > > if (clt_pass == NULL) > goto done; > >Index: server_http.c >=================================================================== >RCS file: /cvs/src/usr.sbin/httpd/server_http.c,v >retrieving revision 1.134 >diff -u -p -u -r1.134 server_http.c >--- server_http.c 22 Oct 2019 09:31:23 -0000 1.134 >+++ server_http.c 3 Nov 2019 09:52:24 -0000 >@@ -153,9 +153,6 @@ server_http_authenticate(struct server_c > if ((clt->clt_remote_user = strdup(clt_user)) == NULL) > goto done; > >- if (clt_pass == NULL) >- goto done; >- > if ((fp = fopen(auth->auth_htpasswd, "r")) == NULL) > goto done; >
-- Sent from a mobile device. Please excuse poor formating.
