
[mod_authn_dbi] copy strings before escaping

dbi_conn_escape_string_copy() requires '\0'-terminated string.
While that is currently the case for strings in http_auth_info_t,
that will soon change, so consumers must use ai->username with ai->ulen,
and ai->realm with ai->rlen
master
Glenn Strauss 5 months ago
parent
commit
60b773a6cb
  1. 17
      src/mod_authn_dbi.c

17
src/mod_authn_dbi.c

@ -416,6 +416,7 @@ mod_authn_dbi_password_cmp (const char *userpw, unsigned long userpwlen, http_au
static buffer *
mod_authn_dbi_query_build (buffer * const sqlquery, dbi_config * const dbconf, http_auth_info_t * const ai)
{
char buf[1024];
buffer_clear(sqlquery);
int qcount = 0;
for (char *b = dbconf->sqlquery->ptr, *d; *b; b = d+1) {
@ -427,10 +428,22 @@ mod_authn_dbi_query_build (buffer * const sqlquery, dbi_config * const dbconf, h
const char *v;
switch (++qcount) {
case 1:
v = ai->username;
if (ai->ulen < sizeof(buf)) {
memcpy(buf, ai->username, ai->ulen);
buf[ai->ulen] = '\0';
v = buf;
}
else
return NULL;
break;
case 2:
v = ai->realm;
if (ai->rlen < sizeof(buf)) {
memcpy(buf, ai->realm, ai->rlen);
buf[ai->rlen] = '\0';
v = buf;
}
else
return NULL;
break;
case 3:
if (ai->dalgo & HTTP_AUTH_DIGEST_SHA256)
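Review bot: The copies in `case 1` and `case 2` are bounded by `ai->ulen` and `ai->rlen`, but the escape call they feed reads only up to the first '\0' (the commit message says dbi_conn_escape_string_copy() needs a terminated string), so a username or realm with an embedded NUL inside its stated length would be looked up by its prefix instead of being rejected. Whether such a value can reach this function is not visible here, so this needs confirming; if it can, reject it with the length test, e.g. `if (ai->ulen >= sizeof(buf) || memchr(ai->username, '\0', ai->ulen)) return NULL;`, and likewise for `ai->realm` with `ai->rlen`. A short comment above `char buf[1024];` would also help, such as `/* scratch copy for escaping; values >= sizeof(buf) are rejected, not truncated */`. The function body continues past the end of this section, so how the caller handles the new `NULL` return cannot be checked from here.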
