Handle missing base64 challenge in NegotiateAuth and NTLMAuth.

2 files changed, 6 insertions, 3 deletions

diff --git a/extensions/auth/nsHttpNegotiateAuth.cpp b/extensions/auth/nsHttpNegotiateAuth.cpp
index adea54b850..8b6be915e9 100644
--- a/extensions/auth/nsHttpNegotiateAuth.cpp
+++ b/extensions/auth/nsHttpNegotiateAuth.cpp
@@ -530,8 +530,11 @@ nsHttpNegotiateAuth::GenerateCredentials(nsIHttpAuthenticableChannel *authChanne
             challenge++;
         len = strlen(challenge);
 
+        if (!len)

+            return NS_ERROR_UNEXPECTED;

+
         // strip off any padding (see bug 230351)
-        while (challenge[len - 1] == '=')
+        while (len && challenge[len - 1] == '=')
             len--;
 
         //
diff --git a/netwerk/protocol/http/nsHttpNTLMAuth.cpp b/netwerk/protocol/http/nsHttpNTLMAuth.cpp
index aa5b1f8f7e..86bfcf4d13 100644
--- a/netwerk/protocol/http/nsHttpNTLMAuth.cpp
+++ b/netwerk/protocol/http/nsHttpNTLMAuth.cpp
@@ -486,8 +486,8 @@ nsHttpNTLMAuth::GenerateCredentials(nsIHttpAuthenticableChannel *authChannel,
         len -= 5;
 
         // strip off any padding (see bug 230351)
-        while (challenge[len - 1] == '=')
-          len--;
+        while (len && challenge[len - 1] == '=')
+            len--;
 
         // decode into the input secbuffer
         rv = Base64Decode(challenge, len, (char**)&inBuf, &inBufLen);