From 613fa87dd64853a042d982aca4a94279cd78ff58 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Tue, 4 May 2021 12:22:54 +0100 Subject: [PATCH] Partial fix for Fortinet auth We have to fill in form->auth_id in all cases, and were forgetting in the synthesised password form. Also, on a redirect we would get an empty resp_buf from do_http_request() which would cause a crash when we dereference it. Don't do that. We still need some more work here (and a webview at least for the GUI case) but this at least fixes the worst of it. Signed-off-by: David Woodhouse --- fortinet.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fortinet.c b/fortinet.c index bad540c8..9ccea1cb 100644 --- a/fortinet.c +++ b/fortinet.c @@ -144,6 +144,9 @@ int fortinet_obtain_cookie(struct openconnect_info *vpninfo) ret = -ENOMEM; goto out; } + form->auth_id = strdup("fortinet_auth"); + if (!form->auth_id) + goto nomem; opt = form->opts = calloc(1, sizeof(*opt)); if (!opt) goto nomem; @@ -207,7 +210,7 @@ int fortinet_obtain_cookie(struct openconnect_info *vpninfo) } /* XX: We got 200 status, but no SVPNCOOKIE. 2FA? */ - if (ret >= 0 && + if (ret > 0 && !strncmp(resp_buf, "ret=", 4) && strstr(resp_buf, ",tokeninfo=")) { const char *prompt; struct oc_text_buf *action_buf = buf_alloc();