X-Git-Url: https://git.ucc.asn.au/?a=blobdiff_plain;f=server%2Flogin.c;h=f3209facc74f15c2de5e692941893569ef456920;hb=40aa63f285b9a2ed67aac67055a205de1a8d95ba;hp=8ca2cabf2b6780f50f4e0263aa76091f984e8017;hpb=4d7acf83795a57a89150d27d21ac86dcb4c33804;p=matches%2FMCTX3420.git

diff --git a/server/login.c b/server/login.c
index 8ca2cab..f3209fa 100644
--- a/server/login.c
+++ b/server/login.c
@@ -170,6 +170,8 @@ UserType Login_Shadow(const char * user, const char * pass, const char * shadow)
 		passwd_index = -1;
 	}
 
+	fclose(f);
+
 	if (passwd_index <= 0)
 	{
 		//Log(LOGDEBUG,"No user found matching %s\n", user);
@@ -286,7 +288,10 @@ void Logout_Handler(FCGIContext * context, char * params)
 /**
  * Handle a Login Request
  * @param context - The context
- * @param params - Parameter string, should contain username and password
+ * @param params - Parameter string, should contain username and password.
+ *				   NOTE: Care should be taken when using params, as it is
+ *				   completely unescaped. Do not log or use it without
+ *                 suitable escaping.
  */
 void Login_Handler(FCGIContext * context, char * params)
 {
@@ -328,7 +333,7 @@ void Login_Handler(FCGIContext * context, char * params)
 
 		case AUTH_LDAP:
 		{
-			if (strlen(pass) <= 0)
+			if (*pass == '\0')
 			{
 				FCGI_RejectJSON(context, "No password supplied.");
 				return;