Module Name: src
Committed By: shm
Date: Fri Nov 21 08:58:28 UTC 2014
Modified Files:
src/libexec/httpd: auth-bozo.c bozohttpd.c bozohttpd.h
Log Message:
Fixed memory leak in case of multiple authentication headers sent by the
client.
OK mrg@
To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 src/libexec/httpd/auth-bozo.c
cvs rdiff -u -r1.58 -r1.59 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.33 -r1.34 src/libexec/httpd/bozohttpd.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/libexec/httpd/auth-bozo.c
diff -u src/libexec/httpd/auth-bozo.c:1.13 src/libexec/httpd/auth-bozo.c:1.14
--- src/libexec/httpd/auth-bozo.c:1.13 Tue Jul 8 14:01:21 2014
+++ src/libexec/httpd/auth-bozo.c Fri Nov 21 08:58:28 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: auth-bozo.c,v 1.13 2014/07/08 14:01:21 mrg Exp $ */
+/* $NetBSD: auth-bozo.c,v 1.14 2014/11/21 08:58:28 shm Exp $ */
/* $eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $ */
@@ -118,6 +118,13 @@ bozo_auth_check(bozo_httpreq_t *request,
}
void
+bozo_auth_init(bozo_httpreq_t *request)
+{
+ request->hr_authuser = NULL;
+ request->hr_authpass = NULL;
+}
+
+void
bozo_auth_cleanup(bozo_httpreq_t *request)
{
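Review bot: The new `bozo_auth_init()` has no comment stating the ordering contract the rest of this commit depends on. `bozo_auth_check_headers()` now calls `free()` on `hr_authuser` and `hr_authpass` unconditionally, so both fields must hold NULL or a heap pointer before any header is parsed. I would add above the function: `/* Must run before header parsing: bozo_auth_check_headers() free()s hr_authuser and hr_authpass unconditionally. */`. The body of `bozo_auth_cleanup()` continues outside this hunk, so whether it resets the pointers after freeing them cannot be checked from here.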
@@ -150,6 +157,8 @@ bozo_auth_check_headers(bozo_httpreq_t *
return bozo_http_error(httpd, 400, request,
"bad authorization field");
*pass++ = '\0';
+ free(request->hr_authuser);
+ free(request->hr_authpass);
request->hr_authuser = bozostrdup(httpd, authbuf);
request->hr_authpass = bozostrdup(httpd, pass);
debug((httpd, DEBUG_FAT,
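Review bot: A repeated Authorization header now silently replaces the credentials parsed from the earlier one at the added `free(request->hr_authuser); free(request->hr_authpass);` lines, so the last header wins. That is ambiguous if an intermediary in front of the server evaluates a different copy of the header. Rejecting the duplicate ahead of these assignments would remove the ambiguity and make the frees unnecessary: `if (request->hr_authuser != NULL) return bozo_http_error(httpd, 400, request, "duplicate authorization field");`. If the replace behaviour is kept, note that the previous password is released without being cleared and so stays readable in freed heap memory; overwriting it before `free()` with a clear the compiler cannot elide would limit that. `bozo_auth_check_headers()` starts and ends outside this hunk, so the surrounding parsing was not reviewed.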
Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.58 src/libexec/httpd/bozohttpd.c:1.59
--- src/libexec/httpd/bozohttpd.c:1.58 Fri Nov 21 08:54:12 2014
+++ src/libexec/httpd/bozohttpd.c Fri Nov 21 08:58:28 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: bozohttpd.c,v 1.58 2014/11/21 08:54:12 shm Exp $ */
+/* $NetBSD: bozohttpd.c,v 1.59 2014/11/21 08:58:28 shm Exp $ */
/* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */
@@ -541,6 +541,7 @@ bozo_read_request(bozohttpd_t *httpd)
request->hr_virthostname = NULL;
request->hr_file = NULL;
request->hr_oldfile = NULL;
+ bozo_auth_init(request);
slen = sizeof(ss);
if (getpeername(0, (struct sockaddr *)(void *)&ss, &slen) < 0)
Index: src/libexec/httpd/bozohttpd.h
diff -u src/libexec/httpd/bozohttpd.h:1.33 src/libexec/httpd/bozohttpd.h:1.34
--- src/libexec/httpd/bozohttpd.h:1.33 Thu Jul 17 06:27:52 2014
+++ src/libexec/httpd/bozohttpd.h Fri Nov 21 08:58:28 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: bozohttpd.h,v 1.33 2014/07/17 06:27:52 mrg Exp $ */
+/* $NetBSD: bozohttpd.h,v 1.34 2014/11/21 08:58:28 shm Exp $ */
/* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */
@@ -247,6 +247,7 @@ void bozo_ssl_destroy(bozohttpd_t *);
/* auth-bozo.c */
#ifdef DO_HTPASSWD
+void bozo_auth_init(bozo_httpreq_t *);
int bozo_auth_check(bozo_httpreq_t *, const char *);
void bozo_auth_cleanup(bozo_httpreq_t *);
int bozo_auth_check_headers(bozo_httpreq_t *, char *, char *, ssize_t);
@@ -255,6 +256,7 @@ void bozo_auth_check_401(bozo_httpreq_t
void bozo_auth_cgi_setenv(bozo_httpreq_t *, char ***);
int bozo_auth_cgi_count(bozo_httpreq_t *);
#else
+#define bozo_auth_init(x) do { /* nothing */ } while (0)
#define bozo_auth_check(x, y) 0
#define bozo_auth_cleanup(x) do { /* nothing */ } while (0)
#define bozo_auth_check_headers(y, z, a, b) 0