MyFavMirrors/owntone-server
1
0
Fork 0
mirror of https://github.com/owntone/owntone-server.git synced 2025-04-20 18:54:05 -04:00
Code Issues Packages Projects Releases Wiki Activity

Fix for remote DOS, reported as UnprotectedHex.com advisory UPH-07-02 by nnp (no CVE yet)

Browse Source
This commit is contained in:
Ron Pedde 2007-10-21 22:45:32 +00:00
parent eb7b49d848
commit e70f43e1ce
1 changed files with 21 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
src/webserver.c
View File

@ -1131,8 +1131,7 @@ void *ws_dispatcher(void *arg) {
if((auth_handler) && (auth_handler(pwsc,NULL,NULL)==0)) { if((auth_handler) && (auth_handler(pwsc,NULL,NULL)==0)) {
/* do the auth thing */ /* do the auth thing */
auth=ws_getarg(&pwsc->request_headers,"Authorization"); auth=ws_getarg(&pwsc->request_headers,"Authorization");
if(auth) { if((auth) && (ws_decodepassword(auth,&username, &password))) {
ws_decodepassword(auth,&username,&password);
if(auth_handler(pwsc,username,password)) if(auth_handler(pwsc,username,password))
can_dispatch=1; can_dispatch=1;
ws_addarg(&pwsc->request_vars,"HTTP_USER",username); ws_addarg(&pwsc->request_vars,"HTTP_USER",username);
@ -1706,6 +1705,7 @@ int ws_decodepassword(char *header, char **username, char **password) {
int pads=0; int pads=0;
unsigned char *decodebuffer; unsigned char *decodebuffer;
unsigned char *pin, *pout; unsigned char *pin, *pout;
char *type,*base64;
int lookup; int lookup;
*username=NULL; *username=NULL;
@ -1735,23 +1735,36 @@ int ws_decodepassword(char *header, char **username, char **password) {
ws_unlock_unsafe(); ws_unlock_unsafe();
/* xlat table is initialized */ /* xlat table is initialized */
while(*header != ' ')
// Trim leading spaces
while((*header) && (*header == ' '))
header++; header++;
header++; // Should be in the form "Basic <base-64 enc username/pw>"
type=header;
base64 = strchr(header,' ');
if(!base64) {
// invalid auth header
ws_dprintf(L_WS_DBG,"Bad authentication header: %s\n",header);
WS_EXIT();
return FALSE;
}
decodebuffer=(unsigned char *)malloc(strlen(header)); *base64 = '\0';
base64++;
decodebuffer=(unsigned char *)malloc(strlen(base64));
if(!decodebuffer) { if(!decodebuffer) {
WS_EXIT(); WS_EXIT();
return FALSE; return FALSE;
} }
ws_dprintf(L_WS_DBG,"Preparing to decode %s\n",header); ws_dprintf(L_WS_DBG,"Preparing to decode %s\n",base64);
memset(decodebuffer,0,strlen(header)); memset(decodebuffer,0,strlen(base64));
len=0; len=0;
pout=decodebuffer; pout=decodebuffer;
pin=(unsigned char *)header; pin=(unsigned char *)base64;
/* this is more than a little sloppy */ /* this is more than a little sloppy */
while(pin[rack]) { while(pin[rack]) {