MyFavMirrors/owntone-server
1
0
Fork 0
mirror of https://github.com/owntone/owntone-server.git synced 2025-01-23 20:53:19 -05:00
Code Issues Packages Projects Releases Wiki Activity

Fix for format string vulnerability, reported as UnprotectedHex.com advisory UPH-07-03 by nnp (no CVE yet)

Browse Source
This commit is contained in:
Ron Pedde 2007-10-21 22:51:01 +00:00
parent e70f43e1ce
commit 1292992f6f
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/webserver.c
View File

@ -1134,8 +1134,8 @@ void *ws_dispatcher(void *arg) {
if((auth) && (ws_decodepassword(auth,&username, &password))) { if((auth) && (ws_decodepassword(auth,&username, &password))) {
if(auth_handler(pwsc,username,password)) if(auth_handler(pwsc,username,password))
can_dispatch=1; can_dispatch=1;
ws_addarg(&pwsc->request_vars,"HTTP_USER",username); ws_addarg(&pwsc->request_vars,"HTTP_USER","%s",username);
ws_addarg(&pwsc->request_vars,"HTTP_PASSWD",password); ws_addarg(&pwsc->request_vars,"HTTP_PASSWD","%s",password);
free(username); /* this frees password too */ free(username); /* this frees password too */
} }