From 24cf59e77dca7ce3bc6e589ecb257b5a35eae03d Mon Sep 17 00:00:00 2001 From: Sebastian Reimers Date: Sun, 19 Nov 2023 09:10:04 +0100 Subject: [PATCH] httpauth/digest: fix digest_response possible NULL deref found by coverity --- src/httpauth/digest.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/httpauth/digest.c b/src/httpauth/digest.c index 5a23514f0..2c3d04ccf 100644 --- a/src/httpauth/digest.c +++ b/src/httpauth/digest.c @@ -635,12 +635,13 @@ static int digest_response(struct httpauth_digest_enc_resp *resp, uint8_t *hash1 = NULL; uint8_t *hash2 = NULL; struct mbuf *mb = NULL; - size_t hashstringl = (resp->hash_length * 2) + 1; int err = 0, n = 0; if (!resp || !resp->hashh) return EINVAL; + size_t hashstringl = (resp->hash_length * 2) + 1; + mb = mbuf_alloc(str_len(user) + str_len(passwd) + chall->realm.l + 2); if (!mb) return ENOMEM;