cstp: Check if uri is NULL in sso_detect_done (!511) · Merge requests · OpenConnect VPN projects / OpenConnect

Rahul Rameshbabu requested to merge Binary-Eater/openconnect:bugfix/cstp_sso_detect_done into master Dec 21, 2023

Passing a NULL value to strcmp is undefined behavior. Some web engines might have events where cookies are enumerated, but the event does not contain a uri enumeration. An example is QtWebEngine where it has discrete signals, QWebEngineView::urlChanged and QWebEngineCookieStore::cookieAdded. Add a check similar to the one found in gpst_sso_detect_done for the uri member of struct oc_webview_result.

Discovered this issue when implementing GlobalProtect SAML support for plasma-nm.

https://invent.kde.org/plasma/plasma-nm/-/merge_requests/316/diffs?commit_id=1cef16cb09c72a0a3d73c14885bf8b4ae3737988

Signed-off-by: Rahul Rameshbabu sergeantsagara@protonmail.com

Edited Dec 21, 2023 by Rahul Rameshbabu

cstp: Check if uri is NULL in sso_detect_done

Merge request reports