X-Git-Url: https://git.ucc.asn.au/?a=blobdiff_plain;f=server%2Flogin.c;h=d6d7748a2732a6020675d4833223d0f91504f58b;hb=40c784169ecaef20b626c00772b9f075e1a08de7;hp=4d3d7fddcae53ca214654d793c5c2210d08da737;hpb=8c5bba9863ed029b83766d8b4de1195aa38b1f5d;p=matches%2FMCTX3420.git
diff --git a/server/login.c b/server/login.c
index 4d3d7fd..d6d7748 100644
--- a/server/login.c
+++ b/server/login.c
@@ -178,7 +178,10 @@ void Logout_Handler(FCGIContext * context, char * params)
 /**
 * Handle a Login Request
 * @param context - The context
- * @param params - Parameter string, should contain username and password
+ * @param params - Parameter string, should contain username and password.
+ * NOTE: Care should be taken when using params, as it is
+ * completely unescaped. Do not log or use it without
+ * suitable escaping.
 */
 void Login_Handler(FCGIContext * context, char * params)
 {
@@ -220,7 +223,7 @@ void Login_Handler(FCGIContext * context, char * params)
 case AUTH_LDAP:
 {
- if (strlen(pass) <= 0)
+ if (*pass == '\0')
 {
 FCGI_RejectJSON(context, "No password supplied.");
 return;
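Review bot: The NOTE added to the `params` description of Login_Handler asks for "suitable escaping" without naming the sinks, so a reader cannot tell which encoding applies where. The second hunk shows this function reaching an LDAP branch and writing a JSON response through FCGI_RejectJSON, and the note itself mentions logging. Naming them would make the caveat actionable, for example `NOTE: params is client-supplied and unescaped; escape it per sink (log line, JSON response, LDAP DN/filter) before use.` The hunk header shows Logout_Handler takes the same `params`, so the caveat presumably belongs there too; its doc comment is outside this hunk.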
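Review bot: In the AUTH_LDAP case the new test `*pass == '\0'` dereferences `pass` with no NULL check visible in the hunk. If the parameter parsing earlier in Login_Handler (outside the hunk) can leave `pass` unset when the field is missing, the guard should be `if (pass == NULL || *pass == '\0')`. The check also deserves a why-comment so it is not removed later, because an LDAP simple bind with an empty password is an unauthenticated bind (RFC 4513 section 5.1.2) that some servers accept: `/* Reject empty passwords: LDAP treats them as an unauthenticated bind, which may succeed. */`. The function body starts and ends outside this hunk.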