
Check that a secondary auth manager is set before dereferencing.

Summary: CVE-2018-6343

Reviewed By: mingtaoy

Differential Revision: D12994423

fbshipit-source-id: 9229ec11da8085f1fa153595e8e5353e19d06fb7
knekritz authored and facebook-github-bot committed Nov 12, 2018
1 parent abdbc69 commit 0600ebe59c3e82cd012def77ca9ca1918da74a71
Showing with 8 additions and 0 deletions.
  1. +8 −0 proxygen/lib/http/session/HTTPSession.cpp
@@ -1349,6 +1349,10 @@ void HTTPSession::onCertificateRequest(uint16_t requestId,
DestructorGuard dg(this);
VLOG(4) << "CERTIFICATE_REQUEST on" << *this << ", requestId=" << requestId;

if (!secondAuthManager_) {
return;
}

std::pair<uint16_t, std::unique_ptr<folly::IOBuf>> authenticator;
auto fizzBase = getTransport()->getUnderlyingTransport<AsyncFizzBase>();
if (fizzBase) {
@@ -1382,6 +1386,10 @@ void HTTPSession::onCertificate(uint16_t certId,
DestructorGuard dg(this);
VLOG(4) << "CERTIFICATE on" << *this << ", certId=" << certId;

if (!secondAuthManager_) {
return;
}

bool isValid = false;
auto fizzBase = getTransport()->getUnderlyingTransport<AsyncFizzBase>();
if (fizzBase) {
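Review bot: The new `if (!secondAuthManager_) { return; }` guards in onCertificateRequest and onCertificate drop the frame silently, so a peer that sends CERTIFICATE_REQUEST or CERTIFICATE to a session with no secondary auth manager leaves no trace beyond the existing VLOG(4) line. These frames are peer-controlled and, per the commit title, previously reached a dereference of the unset manager, so I would record the rejection at a more visible level before each `return;`, e.g. `VLOG(2) << "Ignoring CERTIFICATE_REQUEST on " << *this << ": no secondary auth manager set";` and the matching line for CERTIFICATE. The commit touches only HTTPSession.cpp, so a regression test that delivers each frame type to a session without a manager set would be worth adding. Both function bodies continue past the hunks, so whether the peer should receive an error instead of being ignored cannot be judged from here.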
