CC'ing the nodogsplash people ... could they comment on the patch ?
looks like a remote DoS exploit ....
-------- Original Message --------
Subject: [OpenWrt-Devel] [PATCH] nodogsplash crashes when rdir
parameter is missing
Date: Wed, 30 May 2012 23:41:00 +0200
From: Moritz Warning <moritzwarn...@web.de>
Reply-To: OpenWrt Development List <openwrt-devel@lists.openwrt.org>
To: openwrt-devel@lists.openwrt.org
nodogsplash-0.9_beta9.9.6 crashes if it receives an authentication URL
which has no "redir" or "tok" parameter set.
That's why wget on the splash page crashes nodogsplash. :[
Signed-off-by: Moritz Warning <moritzwarn...@web.de>
Attached is the patch created by quilt.
An inline patch would omit the file name.
--- a/src/http.c
+++ b/src/http.c
@@ -455,10 +455,15 @@ http_nodogsplash_decode_authtarget(reque
var = httpdGetVariableByName(r,"tok");
if(var && var->value) {
token = var->value;
+ } else {
+ token = safe_strdup("");
}
+
var = httpdGetVariableByName(r,"redir");
if(var && var->value) {
redir = var->value;
+ } else {
+ redir = safe_strdup("");
}
authtarget = http_nodogsplash_make_authtarget(token,redir);
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
