Re: [OpenWrt-Devel] Fwd: [PATCH] nodogsplash crashes when rdir parameter is missing

Thu, 31 May 2012 10:21:40 -0700 

Mirko is right, my patch creates a memory leak.
I've attached an alternative patch as proposal.

Btw., I've send the nodogsplash maintainer a mail a year ago but got no reply 
(patch for a minor issue).

On 05/31/2012 03:21 PM, Outback Dingo wrote:
> On Thu, May 31, 2012 at 8:09 AM, Mirko Vogt <mi...@openwrt.org> wrote:
>> The project isn't really maintained anymore, but it's definitely worth a
>> try getting a fix upstream.
>> The patch applies and is working, however I wonder whether it creates a
>> memleak, since strdup is called which allocates memory which doesn't get
>> free'ed again.
>>
> 
> Since Im the OpenWRT "maintainer" I can get it commit, but, honestly
> it should be
> really resolved upstream, so Ill contact the author, and see if 1)
> hell fix it, 2) if not if
> he wants to release the project to me in its entirety to continue the effort.
> 
> 
>> On 05/31/2012 11:33 AM, John Crispin wrote:
>>> On 31/05/12 11:23, Moritz Warning wrote:
>>>> Sorry, I wasn't very specific; nodogsplash exits rather than crashing.
>>>> It uses a safe_strdup call that exits in this case.
>>>>
>>>
>>> That still makes it a remote DoS exploit :-)
>>> _______________________________________________
>>> openwrt-devel mailing list
>>> openwrt-devel@lists.openwrt.org
>>> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
>> _______________________________________________
>> openwrt-devel mailing list
>> openwrt-devel@lists.openwrt.org
>> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel@lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
> 


--- a/src/http.c
+++ b/src/http.c
@@ -455,10 +455,15 @@ http_nodogsplash_decode_authtarget(reque
   var = httpdGetVariableByName(r,"tok");
   if(var && var->value) {
     token = var->value;
+  } else {
+    token = "";
   }
+
   var = httpdGetVariableByName(r,"redir");
   if(var && var->value) {
     redir = var->value;
+  } else {
+    redir = "";
   }
 
   authtarget = http_nodogsplash_make_authtarget(token,redir);

_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Reply via email to