diff options
author | Mårten Nordheim <marten.nordheim@qt.io> | 2022-07-28 12:04:11 +0200 |
---|---|---|
committer | Mårten Nordheim <marten.nordheim@qt.io> | 2022-08-17 15:14:52 +0200 |
commit | c684b8e939650b5c007b990c5c39eea750f45970 (patch) | |
tree | 43c4d4a9614e80df28f86ddff990e54c5fcb0445 /src/widgets/styles/qfusionstyle.cpp | |
parent | 90ad4d10efea131ad569b1350b8150bbd66c179d (diff) |
QAuthenticator: Fix crash when using NTLM / Negotiate
With NTLM/Negotiate we delete the context used to generate replies once
we get SEC_E_OK. Due to some faulty logic in the http backend we could
end up trying to generate another response. Qt would then pass
references to some offsets of nullptr into the API calls causing it to
crash. Add some sanity checks before the "sspi continue" calls to make
sure this won't happen, and update the condition in the http
backend to check that we have not already sent our credentials.
As a drive-by: correct the initialization of the handles to use
SecInvalidateHandle instead of memset to 0.
Pick-to: 6.4 6.3 6.2 5.15
Fixes: QTBUG-102359
Change-Id: I884ff8fc70609fe8746b99a1d56eeafcda9d2620
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Diffstat (limited to 'src/widgets/styles/qfusionstyle.cpp')
0 files changed, 0 insertions, 0 deletions