[Mt-daapd-cvs] SF.net SVN: mt-daapd: [1679] trunk/src/webserver.c

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Revision: 1679
          http://mt-daapd.svn.sourceforge.net/mt-daapd/?rev=1679&view=rev
Author:   rpedde
Date:     2007-10-21 15:45:32 -0700 (Sun, 21 Oct 2007)

Log Message:
-----------
Fix for remote DOS, reported as UnprotectedHex.com advisory UPH-07-02 by nnp (no CVE yet)

Modified Paths:
--------------
    trunk/src/webserver.c

Modified: trunk/src/webserver.c
===================================================================

--- trunk/src/webserver.c	2007-10-21 22:13:37 UTC (rev 1678)
+++ trunk/src/webserver.c	2007-10-21 22:45:32 UTC (rev 1679)
@@ -1131,8 +1131,7 @@
             if((auth_handler) && (auth_handler(pwsc,NULL,NULL)==0)) {
                 /* do the auth thing */
                 auth=ws_getarg(&pwsc->request_headers,"Authorization");
-                if(auth) {
-                    ws_decodepassword(auth,&username,&password);
+                if((auth) && (ws_decodepassword(auth,&username, &password))) {
                     if(auth_handler(pwsc,username,password))
                         can_dispatch=1;
                     ws_addarg(&pwsc->request_vars,"HTTP_USER",username);
@@ -1706,6 +1705,7 @@
     int pads=0;
     unsigned char *decodebuffer;
     unsigned char *pin, *pout;
+    char *type,*base64;
     int lookup;
 
     *username=NULL;
@@ -1735,23 +1735,36 @@
     ws_unlock_unsafe();
 
     /* xlat table is initialized */
-    while(*header != ' ')
+
+    // Trim leading spaces
+    while((*header) && (*header == ' '))
         header++;
 
-    header++;
+    // Should be in the form "Basic <base-64 enc username/pw>"
+    type=header;
+    base64 = strchr(header,' ');
+    if(!base64) {
+        // invalid auth header 
+        ws_dprintf(L_WS_DBG,"Bad authentication header: %s\n",header);
+        WS_EXIT();
+        return FALSE;
+    }
+    
+    *base64 = '\0';
+    base64++;
 
-    decodebuffer=(unsigned char *)malloc(strlen(header));
+    decodebuffer=(unsigned char *)malloc(strlen(base64));
     if(!decodebuffer) {
         WS_EXIT();
         return FALSE;
     }
 
-    ws_dprintf(L_WS_DBG,"Preparing to decode %s\n",header);
+    ws_dprintf(L_WS_DBG,"Preparing to decode %s\n",base64);
 
-    memset(decodebuffer,0,strlen(header));
+    memset(decodebuffer,0,strlen(base64));
     len=0;
     pout=decodebuffer;
-    pin=(unsigned char *)header;
+    pin=(unsigned char *)base64;
 
     /* this is more than a little sloppy */
     while(pin[rack]) {


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.


