git.ucc.asn.au
/
matches
/
MCTX3420.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
add fclose to shadow login
[matches/MCTX3420.git]
/
server
/
login.c
diff --git
a/server/login.c
b/server/login.c
index
8ca2cab
..
f3209fa
100644
(file)
--- a/
server/login.c
+++ b/
server/login.c
@@
-170,6
+170,8
@@
UserType Login_Shadow(const char * user, const char * pass, const char * shadow)
passwd_index = -1;
}
passwd_index = -1;
}
+ fclose(f);
+
if (passwd_index <= 0)
{
//Log(LOGDEBUG,"No user found matching %s\n", user);
if (passwd_index <= 0)
{
//Log(LOGDEBUG,"No user found matching %s\n", user);
@@
-286,7
+288,10
@@
void Logout_Handler(FCGIContext * context, char * params)
/**
* Handle a Login Request
* @param context - The context
/**
* Handle a Login Request
* @param context - The context
- * @param params - Parameter string, should contain username and password
+ * @param params - Parameter string, should contain username and password.
+ * NOTE: Care should be taken when using params, as it is
+ * completely unescaped. Do not log or use it without
+ * suitable escaping.
*/
void Login_Handler(FCGIContext * context, char * params)
{
*/
void Login_Handler(FCGIContext * context, char * params)
{
@@
-328,7
+333,7
@@
void Login_Handler(FCGIContext * context, char * params)
case AUTH_LDAP:
{
case AUTH_LDAP:
{
- if (
strlen(pass) <= 0
)
+ if (
*pass == '\0'
)
{
FCGI_RejectJSON(context, "No password supplied.");
return;
{
FCGI_RejectJSON(context, "No password supplied.");
return;
UCC
git Repository :: git.ucc.asn.au