Fortinet: fix crash caused by absence of redirect

author Daniel Lenski <dlenski@gmail.com>

Mon, 22 Feb 2021 08:42:21 +0000 (00:42 -0800)

committer Daniel Lenski <dlenski@gmail.com>

Mon, 29 Mar 2021 03:57:25 +0000 (20:57 -0700)
author Daniel Lenski <dlenski@gmail.com>
Mon, 22 Feb 2021 08:42:21 +0000 (00:42 -0800)
committer Daniel Lenski <dlenski@gmail.com>
Mon, 29 Mar 2021 03:57:25 +0000 (20:57 -0700)
diff --git a/fortinet.c b/fortinet.c

index 467fdf7d5c672503bc40b0d675bf6ac9ed595004..c7d955904a5c4edc91301068702e051ce9293ba3 100644 (file)
--- a/fortinet.c
+++ b/fortinet.c
@@ -113,12 +113,14 @@ int fortinet_obtain_cookie(struct openconnect_info *vpninfo)
          * capture and save it. That is, for example:
          *   'GET /MyRealmName' will redirect to '/remote/login?realm=MyRealmName'
          */
-       for (realm = strchr(vpninfo->urlpath, '?'); realm && *++realm; realm=strchr(realm, '&')) {
-               if (!strncmp(realm, "realm=", 6)) {
-                       const char *end = strchrnul(realm+1, '&');
-                       realm = strndup(realm+6, end-realm);
-                       vpn_progress(vpninfo, PRG_INFO, _("Got login realm '%s'\n"), realm);
-                       break;
+       if (vpninfo->urlpath) {
+               for (realm = strchr(vpninfo->urlpath, '?'); realm && *++realm; realm=strchr(realm, '&')) {
+                       if (!strncmp(realm, "realm=", 6)) {
+                               const char *end = strchrnul(realm+1, '&');
+                               realm = strndup(realm+6, end-realm);
+                               vpn_progress(vpninfo, PRG_INFO, _("Got login realm '%s'\n"), realm);
+                               break;
+                       }
                 }
         }
  
diff --git a/tests/fake-fortinet-server.py b/tests/fake-fortinet-server.py

index 1f3be2dc66e8f5fea192e3c2fb22644d752a07e1..757fe989e266d825807fa7e5d557a7bbe15e7656 100755 (executable)
--- a/tests/fake-fortinet-server.py
+++ b/tests/fake-fortinet-server.py
@@ -80,14 +80,18 @@ def check_form_against_session(*fields):
  
  ########################################
  
-# Respond to initial 'GET /' or 'GET /<realm>' with a redirect to '/remote/login?realm=<realm>'
+# Respond to initial 'GET /' with a login form
+# Respond to initial 'GET /<realm>' with a redirect to '/remote/login?realm=<realm>'
  # [Save want_2fa query parameter in the session for use later]
  @app.route('/')
  @app.route('/<realm>')
  def realm(realm=None):
-    session.update(step='initial-GET', want_2fa='want_2fa' in request.args)
+    session.update(step='GET-realm', want_2fa='want_2fa' in request.args)
      # print(session)
-    return redirect(url_for('login', realm=realm or None))
+    if realm:
+        return redirect(url_for('login', realm=realm))
+    else:
+        return login()
  
  
  # Respond to 'GET /remote/login?realm=<realm>' with a placeholder stub (since OpenConnect doesn't even try to parse the form)
author	Daniel Lenski <dlenski@gmail.com>
	Mon, 22 Feb 2021 08:42:21 +0000 (00:42 -0800)
committer	Daniel Lenski <dlenski@gmail.com>
	Mon, 29 Mar 2021 03:57:25 +0000 (20:57 -0700)
fortinet.c		patch \| blob \| history
tests/fake-fortinet-server.py		patch \| blob \| history