Skip to content
Snippets Groups Projects
Commit eb50786d authored by rswindell's avatar rswindell
Browse files

Simplified check_ars() and fixed potential segfault (trying to free nular).

parent f97305bb
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
Showing
with 33 additions and 29 deletions
src/sbbs3/websrvr.c
+ 33
29
View file @ eb50786d
...@@ -41,7 +41,9 @@ ...@@ -41,7 +41,9 @@
#include "websrvr.h" #include "websrvr.h"
static const char* server_name="Synchronet Web Server"; static const char* server_name="Synchronet Web Server";
#define CRLF "\r\n" static const char* newline="\r\n";
extern const uchar* nular;
#define TIMEOUT_THREAD_WAIT 60 /* Seconds */ #define TIMEOUT_THREAD_WAIT 60 /* Seconds */
#define MAX_MIME_TYPES 128 #define MAX_MIME_TYPES 128
...@@ -252,7 +254,7 @@ static int sockprintf(SOCKET sock, char *fmt, ...) ...@@ -252,7 +254,7 @@ static int sockprintf(SOCKET sock, char *fmt, ...)
sbuf[sizeof(sbuf)-1]=0; sbuf[sizeof(sbuf)-1]=0;
if(startup->options&WEB_OPT_DEBUG_TX) if(startup->options&WEB_OPT_DEBUG_TX)
lprintf("%04d TX: %s", sock, sbuf); lprintf("%04d TX: %s", sock, sbuf);
strcat(sbuf,"\r\n"); strcat(sbuf,newline);
len+=2; len+=2;
va_end(argptr); va_end(argptr);
...@@ -513,7 +515,7 @@ void send_headers(http_session_t *session, const char *status) ...@@ -513,7 +515,7 @@ void send_headers(http_session_t *session, const char *status)
t=gmtime(&stats.st_mtime); t=gmtime(&stats.st_mtime);
sockprintf(session->socket,"%s: %s, %02d %s %04d %02d:%02d:%02d GMT",get_header(HEAD_LASTMODIFIED),days[t->tm_wday],t->tm_mday,months[t->tm_mon],t->tm_year+1900,t->tm_hour,t->tm_min,t->tm_sec); sockprintf(session->socket,"%s: %s, %02d %s %04d %02d:%02d:%02d GMT",get_header(HEAD_LASTMODIFIED),days[t->tm_wday],t->tm_mday,months[t->tm_mon],t->tm_year+1900,t->tm_hour,t->tm_min,t->tm_sec);
} }
sendsocket(session->socket,CRLF,2); sendsocket(session->socket,newline,2);
} }
static void sock_sendfile(SOCKET socket,char *path) static void sock_sendfile(SOCKET socket,char *path)
...@@ -548,8 +550,11 @@ static BOOL check_ars(char *ars,http_session_t * session) ...@@ -548,8 +550,11 @@ static BOOL check_ars(char *ars,http_session_t * session)
char *password; char *password;
uchar *ar; uchar *ar;
user_t user; user_t user;
BOOL authorized;
if(session->req.auth[0]==0)
return(FALSE);
if(session->req.auth[0]) {
username=strtok(session->req.auth,":"); username=strtok(session->req.auth,":");
password=strtok(NULL,":"); password=strtok(NULL,":");
/* Require a password */ /* Require a password */
...@@ -564,17 +569,16 @@ static BOOL check_ars(char *ars,http_session_t * session) ...@@ -564,17 +569,16 @@ static BOOL check_ars(char *ars,http_session_t * session)
return(FALSE); return(FALSE);
} }
ar = arstr(NULL,session->req.ars,&scfg); ar = arstr(NULL,session->req.ars,&scfg);
if (chk_ar(&scfg,ar,&user)) { authorized=chk_ar(&scfg,ar,&user);
if(ar!=NULL && ar!=nular)
free(ar); free(ar);
if(authorized)
return(TRUE); return(TRUE);
}
else {
/* Should go to the hack log? */ /* Should go to the hack log? */
free(ar);
lprintf("Failed ARS Auth: %s Password: %s ARS: %s",username,password,ars); lprintf("Failed ARS Auth: %s Password: %s ARS: %s",username,password,ars);
return(FALSE);
}
}
return(FALSE); return(FALSE);
} }
...@@ -939,7 +943,7 @@ static BOOL check_request(http_session_t * session) ...@@ -939,7 +943,7 @@ static BOOL check_request(http_session_t * session)
if(session->req.ars[0] && !(check_ars(session->req.ars,session))) { if(session->req.ars[0] && !(check_ars(session->req.ars,session))) {
/* No authentication provided */ /* No authentication provided */
sprintf(str,"401 Unauthorized%s%s: Basic realm=\"%s\"" sprintf(str,"401 Unauthorized%s%s: Basic realm=\"%s\""
,CRLF,get_header(HEAD_WWWAUTH),scfg.sys_name); ,newline,get_header(HEAD_WWWAUTH),scfg.sys_name);
send_error(str,session); send_error(str,session);
return(FALSE); return(FALSE);
} }
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment