[ 
https://issues.apache.org/jira/browse/AXIS2C-1465?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robert Lazarski resolved AXIS2C-1465.
-------------------------------------
    Fix Version/s: 2.0.0
                       (was: 1.7.0)
       Resolution: Fixed

When a proxy returns an auth type without additional parameters
(e.g., "Proxy-Authenticate: NTLM" instead of "Basic realm=..."),
axutil_strchr() returns NULL. The code dereferenced this NULL
pointer, causing a crash.

This fix adds NULL checks before dereferencing auth_type_end in
both axis2_http_sender_configure_proxy_auth() and
axis2_http_sender_set_proxy_auth_type() functions.


> crash in axis2_http_sender_configure_proxy_auth
> -----------------------------------------------
>
>                 Key: AXIS2C-1465
>                 URL: https://issues.apache.org/jira/browse/AXIS2C-1465
>             Project: Axis2-C
>          Issue Type: Bug
>          Components: core/transport
>    Affects Versions: 1.6.0
>            Reporter: Olivier Mengué
>            Priority: Critical
>              Labels: HTTP, HTTPS, NTLM, auth, bluecoat, config, crash, proxy, 
> security
>             Fix For: 2.0.0
>
>         Attachments: proxy.c, proxy.h, pwgen.c
>
>
> My application crashes in function axis2_http_sender_configure_proxy_auth.
> Here is how the proxy is defined in axis2.xml:
>     <transportSender name="http" class="axis2_http_sender">
>         <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
>         <parameter name="xml-declaration" insert="false"/>
>         <!--parameter name="Transfer-Encoding">chunked</parameter-->
>         <!--parameter name="HTTP-Authentication" username="" password="" 
> locked="true"/-->
>         <parameter name="PROXY" proxy_host="xxxxxx" proxy_port="nnnn" 
> proxy_username="" proxy_password=""
>  locked="false"/>
>     </transportSender>
> Here is the block where the crash occurs:
>         if(auth_type)
>         {
>             auth_type_end = axutil_strchr(auth_type, ' ');
>             *auth_type_end = AXIS2_ESC_NULL;
>             auth_type_end++;
>             /*Read the realm and the rest stuff now from auth_type_end */
>         }
> Local variables:
> force_proxy_auth=0
> auth_type="NTLM"
> So auth_type_end is NULL and writing to *auth_type_end is invalid.
> Here is the full stack trace:
> unnamed block in axis2_http_sender_configure_proxy_auth(sender = 0x2003bb28, 
> env = 0x200086c8, msg_ctx = 0x2001fb78, request = 0x2003bdd8), line 3081 in 
> "http_sender.c"
> axis2_http_sender_configure_proxy_auth(sender = 0x2003bb28, env = 0x200086c8, 
> msg_ctx = 0x2001fb78, request = 0x2003bdd8), line 3081 in "http_sender.c"
> unnamed block in axis2_http_sender_send(sender = 0x2003bb28, env = 
> 0x200086c8, msg_ctx = 0x2001fb78, out = 0x2001fe18, str_url = 
> "http://mellbourn.com/WebServices/PasswordGeneratorWebService/PasswordGeneratorService.asmx",
>  soap_action = "http://www.mellbourn.com/WebServices/get_Password"), line 
> 1194 in "http_sender.c"
> axis2_http_sender_send(sender = 0x2003bb28, env = 0x200086c8, msg_ctx = 
> 0x2001fb78, out = 0x2001fe18, str_url = 
> "http://mellbourn.com/WebServices/PasswordGeneratorWebService/PasswordGeneratorService.asmx",
>  soap_action = "http://www.mellbourn.com/WebServices/get_Password"), line 
> 1194 in "http_sender.c"
> axis2_http_transport_sender_write_message(transport_sender = 0x2000d628, env 
> = 0x200086c8, msg_ctx = 0x2001fb78, epr = 0x2001f978, out = 0x2001fe18, 
> om_output = 0x2003bae8), line 806 in "http_transport_sender.c"
> axis2_http_transport_sender_invoke(transport_sender = 0x2000d628, env = 
> 0x200086c8, msg_ctx = 0x2001fb78), line 309 in "http_transport_sender.c"
> unnamed block in axis2_engine_send(engine = 0x2001fca8, env = 0x200086c8, 
> msg_ctx = 0x2001fb78), line 176 in "engine.c"
> axis2_engine_send(engine = 0x2001fca8, env = 0x200086c8, msg_ctx = 
> 0x2001fb78), line 176 in "engine.c"
> axis2_op_client_two_way_send(env = 0x200086c8, msg_ctx = 0x2001fb78), line 
> 1171 in "op_client.c"
> unnamed block in axis2_op_client_execute(op_client = 0x200200c8, env = 
> 0x200086c8, block = 1), line 508 in "op_client.c"
> axis2_op_client_execute(op_client = 0x200200c8, env = 0x200086c8, block = 1), 
> line 508 in "op_client.c"
> axis2_svc_client_send_receive_with_op_qname(svc_client = 0x200086e8, env = 
> 0x200086c8, op_qname = 0x2001fb38, payload = 0x20008748), line 732 in 
> "svc_client.c"
> axis2_svc_client_send_receive(svc_client = 0x200086e8, env = 0x200086c8, 
> payload = 0x20008748), line 830 in "svc_client.c"
> main(0x1, 0x2ff21318) at 0x10000644



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
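
An added example, not part of the original message or the Axis2/C source: a minimal C sketch of the NULL check the resolution describes, splitting a Proxy-Authenticate value into scheme and parameters. Standard `strchr()` stands in for `axutil_strchr()`; the helper names `split_proxy_auth` and `has_params` are hypothetical and the header values are constructed samples.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Axis2/C code: splits a Proxy-Authenticate value
 * in place into the scheme and the optional parameters after the first space.
 * Returns 0 on success, -1 on NULL or empty input. */
static int split_proxy_auth(char *value, char **scheme, char **params)
{
    char *end;

    if (!value || !scheme || !params)
        return -1;
    while (*value == ' ')          /* tolerate leading spaces */
        value++;
    if (*value == '\0')
        return -1;

    *scheme = value;
    *params = NULL;
    end = strchr(value, ' ');      /* NULL for a bare scheme such as "NTLM" */
    if (end)                       /* the check the crashing block lacked */
    {
        *end++ = '\0';
        while (*end == ' ')
            end++;
        if (*end != '\0')
            *params = end;
    }
    return 0;
}

/* Runs the split on a copy of a constructed sample value.
 * Returns 1 if parameters follow the scheme, 0 if not, -1 on bad input. */
static int has_params(const char *header_value)
{
    char buf[128];
    char *scheme = NULL, *params = NULL;

    snprintf(buf, sizeof buf, "%s", header_value);
    if (split_proxy_auth(buf, &scheme, &params) != 0)
        return -1;
    printf("scheme=%s params=%s\n", scheme, params ? params : "(none)");
    return params != NULL;
}

int main(void)
{
    has_params("NTLM");                    /* the reported crashing input */
    has_params("Basic realm=\"proxy\"");   /* the case the old code expected */
    return 0;
}
```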
