(1) Length of user is not guaranteed (and in this case definitely < BUFSIZ)
(2) Because of (1), a buffer overflow is possible anyway
(3) Sure, a BUFSIZ limit will prevent an 'infinite' loop, but this may just make it more difficult to track down the buffer overflow.
- char * user = ""; // The username supplied through CGI
- char * pass = ""; // The password supplied through CGI
- //TODO: Make sure these are passed through HTTPS, *not* HTTP .... otherwise people can eavesdrop on the passwords
+ char * user; // The username supplied through CGI
+ char * pass; // The password supplied through CGI
FCGIValue values[] = {
{"user", &user, FCGI_REQUIRED(FCGI_STRING_T)},
FCGIValue values[] = {
{"user", &user, FCGI_REQUIRED(FCGI_STRING_T)},
-
- // Trim leading whitespace (the BUFSIZ check is to make sure incorrectly terminated strings don't cause an infinite loop)
+ // Trim leading whitespace
- for (i = 0; i < BUFSIZ && isspace(user[0]) && user[0] != '\0'; ++i,++user);
+ for (i = 0; isspace(user[0]) && user[0] != '\0'; ++i, ++user);
// Truncate string at first non alphanumeric character
// Truncate string at first non alphanumeric character
- for (i = 0; i < BUFSIZ && isalnum(user[i]) && user[i] != '\0'; ++i);
+ for (i = 0; isalnum(user[i]) && user[i] != '\0'; ++i);
bool authenticated = true;
bool authenticated = true;
// Give the user a cookie
FCGI_PrintRaw("Content-type: text\r\n");
FCGI_PrintRaw("Set-Cookie: %s\r\n\r\n", context->control_key);
// Give the user a cookie
FCGI_PrintRaw("Content-type: text\r\n");
FCGI_PrintRaw("Set-Cookie: %s\r\n\r\n", context->control_key);
+ FCGI_PrintRaw("Logged in");
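Review bot: The two trimming loops pass a plain `char` to `isspace`/`isalnum`, and `user` comes straight from the request, so where `char` is signed any byte of 0x80 or above becomes a negative argument, which is undefined behaviour for the `<ctype.h>` functions. Cast at the call: `for (i = 0; isspace((unsigned char)user[0]); ++i, ++user);` and `for (i = 0; isalnum((unsigned char)user[i]); ++i);`, where the `!= '\0'` test can be dropped because neither function returns true for NUL. With the `BUFSIZ` bound gone and the `= ""` initialisers dropped, both loops depend entirely on the parser having pointed `user` at a NUL-terminated string. `user` is marked `FCGI_REQUIRED`, but the entry for `pass` and the parse-failure path are outside the visible lines, so declaring `char *user = NULL;` and `char *pass = NULL;` and checking them before use would be safer. The removed HTTPS TODO still looks open as far as this page shows, since the `Set-Cookie` line sends `context->control_key` with no `Secure` or `HttpOnly` attribute; the enclosing function starts and ends outside the visible lines.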