From 8e312d9bb5ea79a448862f590e9043b5f58c6723 Mon Sep 17 00:00:00 2001
From: deuce <>
Date: Tue, 13 Jul 2004 23:18:30 +0000
Subject: [PATCH] Don't parse the incoming auth header, copy it out first (for
 internal redirected authenticated hits)

---
 src/sbbs3/websrvr.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/sbbs3/websrvr.c b/src/sbbs3/websrvr.c
index b69030b4ed..0ad6fe0df3 100644
--- a/src/sbbs3/websrvr.c
+++ b/src/sbbs3/websrvr.c
@@ -833,14 +833,16 @@ static BOOL check_ars(http_session_t * session)
 	char	*password;
 	uchar	*ar;
 	BOOL	authorized;
+	char	auth_req[MAX_REQUEST_LINE];
 
 	if(session->req.auth[0]==0) {
 		if(startup->options&WEB_OPT_DEBUG_RX)
 			lprintf(LOG_NOTICE,"%04d !No authentication information",session->socket);
 		return(FALSE);
 	}
+	SAFECOPY(auth_req,session->req.auth);
 
-	username=strtok(session->req.auth,":");
+	username=strtok(auth_req,":");
 	if(username==NULL)
 		username="";
 	password=strtok(NULL,":");
-- 
GitLab