Eliminate potential for UB in libopenconnect SSO handling logic
libopenconnect's AnyConnect handler function, cstp_sso_detect_done, does
not safely handle the case when the uri member of struct oc_webview_result
is NULL. The uri member is blindly passed to strcmp, which is undefined
behavior. The pointer for HTTP response headers can be NULL since
libopenconnect's GlobalProtect SSO handler function, gpst_sso_detect_done,
handles this case.
Signed-off-by: Rahul Rameshbabu <sergeantsagara@protonmail.com>
parent
9e4b0023
Please register or sign in to comment