CC'ing the nodogsplash people ... could they comment on the patch ?
looks like a remote DoS exploit ....
-------- Original Message --------
Subject: [OpenWrt-Devel] [PATCH] nodogsplash crashes when rdir
parameter is missing
Date: Wed, 30 May 2012 23:41:00 +0200
From: Moritz Warning <[email protected]>
Reply-To: OpenWrt Development List <[email protected]>
To: [email protected]
nodogsplash-0.9_beta9.9.6 crashes if it receives an authentication URL
which has no "redir" or "tok" parameter set.
That's why wget on the splash page crashes nodogsplash. :[
Signed-off-by: Moritz Warning <[email protected]>
Attached is the patch created by quilt.
An inline patch would omit the file name.
--- a/src/http.c
+++ b/src/http.c
@@ -455,10 +455,15 @@ http_nodogsplash_decode_authtarget(reque
var = httpdGetVariableByName(r,"tok");
if(var && var->value) {
token = var->value;
+ } else {
+ token = safe_strdup("");
}
+
var = httpdGetVariableByName(r,"redir");
if(var && var->value) {
redir = var->value;
+ } else {
+ redir = safe_strdup("");
}
authtarget = http_nodogsplash_make_authtarget(token,redir);
_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
