| -rw-r--r-- | src/authdb.c | 2 | ||||
| -rw-r--r-- | src/squark-auth-ip.c | 4 | ||||
| -rw-r--r-- | src/squark-filter.c | 4 | 
3 files changed, 7 insertions, 3 deletions
|
diff --git a/src/authdb.c b/src/authdb.c
index ed171a7..d16ba3a 100644
--- a/src/authdb.c
+++ b/src/authdb.c
@@ -223,7 +223,7 @@ int authdb_check_login(void *token, struct authdb_entry *e,
 	/* check username */
 	if (!blob_is_null(username) &&
-	    blob_cmp(username, BLOB_STRLEN(e->p.login_name)) != 0)
+	    blob_cmp(username, BLOB_CHAR_ARRAY(e->p.login_name)) != 0)
 		return 0;
 	/* and dates */
diff --git a/src/squark-auth-ip.c b/src/squark-auth-ip.c
index 94c450f..74e0583 100644
--- a/src/squark-auth-ip.c
+++ b/src/squark-auth-ip.c
@@ -60,7 +60,7 @@ static void handle_line(blob_t line)
 	blob_push(&b, id);
 	if (auth_ok) {
 		blob_push(&b, BLOB_STR(" OK user="));
-		blob_push(&b, BLOB_STRLEN(entry.p.login_name));
+		blob_push(&b, BLOB_CHAR_ARRAY(entry.p.login_name));
 		blob_push(&b, BLOB_PTR_LEN("\n", 1));
 	} else {
 		blob_push(&b, BLOB_STR(" ERR\n"));
@@ -210,6 +210,8 @@ int main(int argc, char **argv)
 				return 2;
 			}
 			authdb_clear_entry(&entry);
+			if (username.len > sizeof(entry.p.login_name))
+				username.len = sizeof(entry.p.login_name); /* avoid buffer overflow */
 			memcpy(entry.p.login_name, username.ptr, username.len);
 			authdb_commit_login(token, &entry, now, &adbc);
 			break;
diff --git a/src/squark-filter.c b/src/squark-filter.c
index b938355..827540e 100644
--- a/src/squark-filter.c
+++ b/src/squark-filter.c
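Review bot: The switch to `BLOB_CHAR_ARRAY` in the username comparison of authdb_check_login is not explained at the call site, and the reason matters to anyone who touches this field later. The clamps added in squark-auth-ip.c and squark-filter.c allow `username.len == sizeof(entry.p.login_name)`, so `login_name` can be filled completely with no terminating NUL. I would add a comment above the comparison such as `/* login_name is a fixed-size field and may be unterminated when full; never treat it as a C string */`. The macro definition is not part of this diff, so it is worth confirming that it stops at the first NUL for shorter names, since otherwise a short username would not compare equal. authdb_check_login starts and continues outside the hunk.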
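Review bot: In handle_line, `entry.p.login_name` is appended to the ` OK user=` reply with no escaping or character check, and this commit leaves that as it is. The commit paths visible in this diff copy the raw username bytes into `login_name` with `memcpy`, so, unless names are validated somewhere outside these hunks, a stored name containing a space or a newline would change the structure of the reply line. Consider validating names at the point where they are committed, or encoding the value before the `blob_push`. handle_line starts and ends outside the hunk.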
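Review bot: The new clamp in main silently truncates an over-long username instead of rejecting it, and the same two lines are repeated in read_input in squark-filter.c. Truncation keeps the `memcpy` in bounds, but two different names that share the first `sizeof(entry.p.login_name)` bytes are then stored as the same login, and the full-length name will presumably never match the stored one in authdb_check_login. In an authentication path I would fail closed, for example `if (username.len > sizeof(entry.p.login_name)) return 2;` here, mirroring the error return just above, with the equivalent denial in read_input. The clamp also edits `username.len` in place, so any later use of `username` sees the shortened value. Both enclosing functions extend beyond their hunks.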
@@ -434,11 +434,13 @@ static void read_input(struct sqdb *db)
 			} else {
 				if (authdb_check_login(token, &entry, username, now, &adbc)) {
 					auth_ok = 1;
-					username = BLOB_STRLEN(entry.p.login_name);
+					username = BLOB_CHAR_ARRAY(entry.p.login_name);
 				} else if ((!adbc.require_auth) ||
 					   (!blob_is_null(username) && blob_cmp(username, dash) != 0)) {
 					auth_ok = 1;
 					authdb_clear_entry(&entry);
+					if (username.len > sizeof(entry.p.login_name))
+						username.len = sizeof(entry.p.login_name); /* avoid buffer overflow */
 					memcpy(entry.p.login_name, username.ptr, username.len);
 					authdb_commit_login(token, &entry, now, &adbc);
 				} else {
|
