[Mt-daapd-cvs] SF.net SVN: mt-daapd: [1679] trunk/src/webserver.c
From: <rp...@us...> - 2007-10-21 22:45:34
Revision: 1679 http://mt-daapd.svn.sourceforge.net/mt-daapd/?rev=1679&view=rev
Author: rpedde
Date: 2007-10-21 15:45:32 -0700 (Sun, 21 Oct 2007)
Log Message:
-----------
Fix for remote DOS, reported as UnprotectedHex.com advisory UPH-07-02 by nnp (no CVE yet)
Modified Paths:
--------------
trunk/src/webserver.c
Modified: trunk/src/webserver.c
===================================================================
--- trunk/src/webserver.c 2007-10-21 22:13:37 UTC (rev 1678)
+++ trunk/src/webserver.c 2007-10-21 22:45:32 UTC (rev 1679)
@@ -1131,8 +1131,7 @@
 if((auth_handler) && (auth_handler(pwsc,NULL,NULL)==0)) { /* do the auth thing */
 auth=ws_getarg(&pwsc->request_headers,"Authorization");
- if(auth) {
- ws_decodepassword(auth,&username,&password);
+ if((auth) && (ws_decodepassword(auth,&username, &password))) {
 if(auth_handler(pwsc,username,password))
 can_dispatch=1;
 ws_addarg(&pwsc->request_vars,"HTTP_USER",username);
@@ -1706,6 +1705,7 @@
 int pads=0;
 unsigned char *decodebuffer;
 unsigned char *pin, *pout;
+ char *type,*base64;
 int lookup;
 *username=NULL;
@@ -1735,23 +1735,36 @@
 ws_unlock_unsafe(); /* xlat table is initialized */
- while(*header != ' ')
+
+ // Trim leading spaces
+ while((*header) && (*header == ' '))
 header++;
- header++;
+ // Should be in the form "Basic <base-64 enc username/pw>"
+ type=header;
+ base64 = strchr(header,' ');
+ if(!base64) {
+ // invalid auth header
+ ws_dprintf(L_WS_DBG,"Bad authentication header: %s\n",header);
+ WS_EXIT();
+ return FALSE;
+ }
+
+ *base64 = '\0';
+ base64++;
- decodebuffer=(unsigned char *)malloc(strlen(header));
+ decodebuffer=(unsigned char *)malloc(strlen(base64));
 if(!decodebuffer) {
 WS_EXIT();
 return FALSE;
 }
- ws_dprintf(L_WS_DBG,"Preparing to decode %s\n",header);
+ ws_dprintf(L_WS_DBG,"Preparing to decode %s\n",base64);
- memset(decodebuffer,0,strlen(header));
+ memset(decodebuffer,0,strlen(base64));
 len=0;
 pout=decodebuffer;
- pin=(unsigned char *)header;
+ pin=(unsigned char *)base64;
 /* this is more than a little sloppy */
 while(pin[rack]) {
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
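Review bot: An Authorization value of just `Basic ` (nothing after the separating space) passes the new strchr() check with `base64` pointing at an empty string, so `malloc(strlen(base64))` becomes malloc(0) and, where that returns a non-NULL pointer, a zero-length buffer is handed to the decoder and to whatever consumes the decoded string past the end of the hunk. Reject the empty payload before allocating, `if(!*base64) { ws_dprintf(L_WS_DBG,"Bad authentication header: %s\n",header); WS_EXIT(); return FALSE; }`, and size the buffer `decodebuffer=(unsigned char *)malloc(strlen(base64)+1);` with the matching `memset(decodebuffer,0,strlen(base64)+1);` so the decoder loop, whose body lies outside the hunk, always leaves room for a terminator even when the input length is not a multiple of four. `*base64 = '\0';` also writes through the pointer obtained from ws_getarg, truncating the stored Authorization header to its scheme for any later reader of request_headers; if that is not intended, decode from a copy. `type` is assigned but nothing in the hunk compares it with "Basic", so a non-Basic scheme is presumably base64-decoded as if it were one unless the remainder of the function checks it. ws_decodepassword begins and ends outside this hunk.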