Mirko is right, my patch creates a memory leak. I've attached an alternative patch as proposal.
Btw., I've send the nodogsplash maintainer a mail a year ago but got no reply (patch for a minor issue). On 05/31/2012 03:21 PM, Outback Dingo wrote: > On Thu, May 31, 2012 at 8:09 AM, Mirko Vogt <mi...@openwrt.org> wrote: >> The project isn't really maintained anymore, but it's definitely worth a >> try getting a fix upstream. >> The patch applies and is working, however I wonder whether it creates a >> memleak, since strdup is called which allocates memory which doesn't get >> free'ed again. >> > > Since Im the OpenWRT "maintainer" I can get it commit, but, honestly > it should be > really resolved upstream, so Ill contact the author, and see if 1) > hell fix it, 2) if not if > he wants to release the project to me in its entirety to continue the effort. > > >> On 05/31/2012 11:33 AM, John Crispin wrote: >>> On 31/05/12 11:23, Moritz Warning wrote: >>>> Sorry, I wasn't very specific; nodogsplash exits rather than crashing. >>>> It uses a safe_strdup call that exits in this case. >>>> >>> >>> That still makes it a remote DoS exploit :-) >>> _______________________________________________ >>> openwrt-devel mailing list >>> openwrt-devel@lists.openwrt.org >>> https://lists.openwrt.org/mailman/listinfo/openwrt-devel >> _______________________________________________ >> openwrt-devel mailing list >> openwrt-devel@lists.openwrt.org >> https://lists.openwrt.org/mailman/listinfo/openwrt-devel > _______________________________________________ > openwrt-devel mailing list > openwrt-devel@lists.openwrt.org > https://lists.openwrt.org/mailman/listinfo/openwrt-devel >
--- a/src/http.c +++ b/src/http.c @@ -455,10 +455,15 @@ http_nodogsplash_decode_authtarget(reque var = httpdGetVariableByName(r,"tok"); if(var && var->value) { token = var->value; + } else { + token = ""; } + var = httpdGetVariableByName(r,"redir"); if(var && var->value) { redir = var->value; + } else { + redir = ""; } authtarget = http_nodogsplash_make_authtarget(token,redir);
_______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel