master/coturn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #386 from ALE-Rainbow/fixIPPermissionSQLInjection

Browse Source 
fix the webadmin ip permission add/delete sql injection
This commit is contained in:
Mészáros Mihály 2019-05-20 10:48:57 +02:00 committed by GitHub
commit 7f8ff54860
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/apps/relay/turn_admin_server.c
View File

@ -3230,6 +3230,8 @@ static void handle_update_request(ioa_socket_handle s, struct http_request* hr)
if(current_realm()[0] && strcmp(current_realm(),r)) {
//forbidden
} else if (strcmp(kind, "allowed") != 0 && strcmp(kind, "denied") != 0) {
//forbidden
} else {
uint8_t realm[STUN_MAX_REALM_SIZE+1]="\0";
@ -3263,6 +3265,8 @@ static void handle_update_request(ioa_socket_handle s, struct http_request* hr)
if(current_realm()[0] && strcmp(current_realm(),r)) {
//forbidden
} else if (strcmp(kind, "allowed") != 0 && strcmp(kind, "denied") != 0) {
//forbidden
} else {
uint8_t realm[STUN_MAX_REALM_SIZE+1]="\0";