diff options
author | Mike Kaganski <mike.kaganski@collabora.com> | 2019-01-08 05:47:04 +0300 |
---|---|---|
committer | Andras Timar <andras.timar@collabora.com> | 2019-01-11 23:18:05 +0100 |
commit | 9ee5981193db8d35a80d1cba075895e226ff95e8 (patch) | |
tree | 80b048825714b519013b35da04ff8be920f02089 /vcl | |
parent | 7b6cf331528160767a7341b340e7107fa503b5e1 (diff) |
Don't crash when accessing WebDAV resource after auth failed
In my testing on Windows, the crashing scenario was this:
1. FileDialogHelper_Impl::updateVersions() creates storage calling
comphelper::OStorageHelper::GetStorageFromURL;
2. Content::openStream() calls isDocument first;
3. Content::isDocument() indirectly initiates WebDAV session,
creating a NeonSession;
4. All operations of NeonSession call Init() first; its first call
initializes m_pHttpSession using ne_session_create, and then
adds auth callbacks using ne_add_server_auth/ne_add_proxy_auth
5. Then NeonSession performs the rest of PROPFIND task, calling
ah_post_send and auth_challenge; the latter fails, then
ah_post_send calls clean_session, which cleans m_pHttpSession's
auth_session's sspi_host;
6. NeonSession::HandleError throws DAVException for NE_AUTH error;
7. Content::isDocument() returns true to Content::openStream(),
which proceeds to execute the command, which in turn re-uses
the NeonSession and its m_pHttpSession;
8. NeonSession::OPTIONS then indirectly calls continue_sspi, which
tries to dereference the m_pHttpSession's auth_session's
sspi_host which is nullptr at this point.
So in case NeonSession detects the NE_AUTH error condition, let's
set a flag indicating that the next Init() should reinitialize its
m_pHttpSession.
Also fixed a case when xProps was used before initialization in
Content::getPropertyValues.
Change-Id: Ifc9eec4fe0333ff6be17c5089068441b4a6eb78c
Reviewed-on: https://gerrit.libreoffice.org/65950
Tested-by: Jenkins
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
Reviewed-on: https://gerrit.libreoffice.org/66003
Tested-by: Mike Kaganski <mike.kaganski@collabora.com>
Reviewed-by: Andras Timar <andras.timar@collabora.com>
Diffstat (limited to 'vcl')
0 files changed, 0 insertions, 0 deletions