Bug Summary

File:src/mod/xml_int/mod_xml_rpc/../../../../libs/xmlrpc-c/src/xmlrpc_authcookie.c
Location:line 67, column 10
Description:Access to field 'fault_occurred' results in a dereference of a null pointer (loaded from variable 'envP')

Annotated Source Code

1/* Copyright (C) 2002 by jeff@ourexchange.net. All rights reserved.
2**
3** Redistribution and use in source and binary forms, with or without
4** modification, are permitted provided that the following conditions
5** are met:
6** 1. Redistributions of source code must retain the above copyright
7** notice, this list of conditions and the following disclaimer.
8** 2. Redistributions in binary form must reproduce the above copyright
9** notice, this list of conditions and the following disclaimer in the
10** documentation and/or other materials provided with the distribution.
11** 3. The name of the author may not be used to endorse or promote products
12** derived from this software without specific prior written permission.
13**
14** THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15** ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16** IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17** ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18** FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19** DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20** OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21** HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22** LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23** OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24** SUCH DAMAGE. */
25
26#include "xmlrpc_config.h"
27
28#include <stdlib.h>
29#include <stdio.h>
30#include <string.h>
31
32#include "mallocvar.h"
33#include "xmlrpc-c/base.h"
34
35/*****************************************************************************
36 I don't see how these were expected to be used. And I probably
37 broke it somehow at some point by removing code from somewhere else.
38 But I doubt that, whatever it's supposed to do, environment
39 variables are the right tool.
40
41 Note that on a platform that doesn't have SETENV,
42 xmlrpc_authcookie_set() is just a no-op.
43
44 -Bryan 2005.06.10
45****************************************************************************/
46
47void
48xmlrpc_authcookie_set(xmlrpc_env * const envP,
49 const char * const username,
50 const char * const password) {
51
52 char * unencoded;
53 xmlrpc_mem_block * token;
54
55 XMLRPC_ASSERT_ENV_OK(envP)do if (!((envP) != ((void*)0) && (envP->fault_string
== ((void*)0)) && !(envP)->fault_occurred)) xmlrpc_assertion_failed
("../../../../libs/xmlrpc-c/src/xmlrpc_authcookie.c", 55); while
(0)
;
1
Within the expansion of the macro 'XMLRPC_ASSERT_ENV_OK':
a
Assuming 'envP' is equal to null
56 XMLRPC_ASSERT_PTR_OK(username)do if (!((username) != ((void*)0))) xmlrpc_assertion_failed("../../../../libs/xmlrpc-c/src/xmlrpc_authcookie.c"
, 56); while (0)
;
57 XMLRPC_ASSERT_PTR_OK(password)do if (!((password) != ((void*)0))) xmlrpc_assertion_failed("../../../../libs/xmlrpc-c/src/xmlrpc_authcookie.c"
, 57); while (0)
;
58
59 /* Create unencoded string/hash. */
60
61 MALLOCARRAY(unencoded,(strlen(username) + strlen(password) + 1 + 1))do { void * array; mallocProduct(&array, (strlen(username
) + strlen(password) + 1 + 1), sizeof(unencoded[0])); unencoded
= array; } while (0)
;
62 sprintf(unencoded, "%s:%s", username, password);
63
64 /* Create encoded string. */
65 token = xmlrpc_base64_encode_without_newlines(
66 envP, (unsigned char *)unencoded, strlen(unencoded));
67 if (!envP->fault_occurred) {
2
Access to field 'fault_occurred' results in a dereference of a null pointer (loaded from variable 'envP')
68 /* Set HTTP_COOKIE_AUTH to the character representation of the
69 encoded string.
70 */
71#if HAVE_SETENV1
72 setenv("HTTP_COOKIE_AUTH",
73 XMLRPC_MEMBLOCK_CONTENTS(char, token)((char*) xmlrpc_mem_block_contents(token)),
74 1);
75#endif
76 xmlrpc_mem_block_free(token);
77 }
78 free(unencoded);
79}
80
81
82
83char *xmlrpc_authcookie ( void ) {
84 return getenv("HTTP_COOKIE_AUTH");
85}