X-Git-Url: https://git.ucc.asn.au/?a=blobdiff_plain;f=server%2Flogin.c;h=3445c04ff1649054b50f4dbbec845010ff703306;hb=828cdbf49f52572e93c5c5a48e05277525a4055f;hp=8ca2cabf2b6780f50f4e0263aa76091f984e8017;hpb=4d7acf83795a57a89150d27d21ac86dcb4c33804;p=matches%2FMCTX3420.git
diff --git a/server/login.c b/server/login.c
index 8ca2cab..3445c04 100644
--- a/server/login.c
+++ b/server/login.c
@@ -286,7 +286,10 @@ void Logout_Handler(FCGIContext * context, char * params)
 /**
 * Handle a Login Request
 * @param context - The context
- * @param params - Parameter string, should contain username and password
+ * @param params - Parameter string, should contain username and password.
+ * NOTE: Care should be taken when using params, as it is
+ * completely unescaped. Do not log or use it without
+ * suitable escaping.
 */
 void Login_Handler(FCGIContext * context, char * params)
 {
@@ -328,7 +331,7 @@ void Login_Handler(FCGIContext * context, char * params)
 case AUTH_LDAP:
 {
- if (strlen(pass) <= 0)
+ if (*pass == '\0')
 {
 FCGI_RejectJSON(context, "No password supplied.");
 return;
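Review bot: The new NOTE on `params` warns only about escaping, yet the same comment says the string carries the username and password, so a caller who escapes it and then logs it still writes a credential to the log. I would add a line such as `Never log params, even escaped: it contains the plaintext password.` to the note. "Completely unescaped" is also ambiguous: it could mean the raw request encoding or already-decoded, attacker-controlled bytes, and saying which tells callers what escaping is suitable. The comment documents Login_Handler, whose body lies outside this hunk.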
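Review bot: The empty-password guard at the top of the `AUTH_LDAP` case has no comment saying why it must stay. Many directory servers treat a simple bind with a zero-length password as an unauthenticated bind and report success (RFC 4513 section 5.1.2), so this check is presumably what keeps an empty password away from the bind further down, outside the hunk. I would put `/* Empty password => LDAP unauthenticated bind, which many servers accept; must reject here. */` above the `if`. Like the `strlen` call it replaces, `*pass` assumes `pass` is never NULL. The parsing that sets it is not visible here, so confirm it defaults to an empty string rather than a null pointer. Login_Handler begins and ends outside this hunk.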