Fixed memory leak in case of multiple authentication headers sent by the
client. OK mrg@
This commit is contained in:
parent
b8c713d1a2
commit
60a0878843
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: auth-bozo.c,v 1.13 2014/07/08 14:01:21 mrg Exp $ */
|
||||
/* $NetBSD: auth-bozo.c,v 1.14 2014/11/21 08:58:28 shm Exp $ */
|
||||
|
||||
/* $eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $ */
|
||||
|
||||
|
@ -117,6 +117,13 @@ bozo_auth_check(bozo_httpreq_t *request, const char *file)
|
|||
return bozo_http_error(httpd, 401, request, "bad auth");
|
||||
}
|
||||
|
||||
void
|
||||
bozo_auth_init(bozo_httpreq_t *request)
|
||||
{
|
||||
request->hr_authuser = NULL;
|
||||
request->hr_authpass = NULL;
|
||||
}
|
||||
|
||||
void
|
||||
bozo_auth_cleanup(bozo_httpreq_t *request)
|
||||
{
|
||||
|
@ -150,6 +157,8 @@ bozo_auth_check_headers(bozo_httpreq_t *request, char *val, char *str, ssize_t l
|
|||
return bozo_http_error(httpd, 400, request,
|
||||
"bad authorization field");
|
||||
*pass++ = '\0';
|
||||
free(request->hr_authuser);
|
||||
free(request->hr_authpass);
|
||||
request->hr_authuser = bozostrdup(httpd, authbuf);
|
||||
request->hr_authpass = bozostrdup(httpd, pass);
|
||||
debug((httpd, DEBUG_FAT,
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: bozohttpd.c,v 1.58 2014/11/21 08:54:12 shm Exp $ */
|
||||
/* $NetBSD: bozohttpd.c,v 1.59 2014/11/21 08:58:28 shm Exp $ */
|
||||
|
||||
/* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */
|
||||
|
||||
|
@ -541,6 +541,7 @@ bozo_read_request(bozohttpd_t *httpd)
|
|||
request->hr_virthostname = NULL;
|
||||
request->hr_file = NULL;
|
||||
request->hr_oldfile = NULL;
|
||||
bozo_auth_init(request);
|
||||
|
||||
slen = sizeof(ss);
|
||||
if (getpeername(0, (struct sockaddr *)(void *)&ss, &slen) < 0)
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: bozohttpd.h,v 1.33 2014/07/17 06:27:52 mrg Exp $ */
|
||||
/* $NetBSD: bozohttpd.h,v 1.34 2014/11/21 08:58:28 shm Exp $ */
|
||||
|
||||
/* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */
|
||||
|
||||
|
@ -247,6 +247,7 @@ void bozo_ssl_destroy(bozohttpd_t *);
|
|||
|
||||
/* auth-bozo.c */
|
||||
#ifdef DO_HTPASSWD
|
||||
void bozo_auth_init(bozo_httpreq_t *);
|
||||
int bozo_auth_check(bozo_httpreq_t *, const char *);
|
||||
void bozo_auth_cleanup(bozo_httpreq_t *);
|
||||
int bozo_auth_check_headers(bozo_httpreq_t *, char *, char *, ssize_t);
|
||||
|
@ -255,6 +256,7 @@ void bozo_auth_check_401(bozo_httpreq_t *, int);
|
|||
void bozo_auth_cgi_setenv(bozo_httpreq_t *, char ***);
|
||||
int bozo_auth_cgi_count(bozo_httpreq_t *);
|
||||
#else
|
||||
#define bozo_auth_init(x) do { /* nothing */ } while (0)
|
||||
#define bozo_auth_check(x, y) 0
|
||||
#define bozo_auth_cleanup(x) do { /* nothing */ } while (0)
|
||||
#define bozo_auth_check_headers(y, z, a, b) 0
|
||||
|
|
Loading…
Reference in New Issue