master/coturn
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

fix the webadmin ip permission add/delete sql injection

Browse Source
This commit is contained in:
Thibaut Ackermann 2019-05-07 11:23:29 +02:00
parent e0d84e14ed
commit cf938cd915
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/apps/relay/turn_admin_server.c
View File

@ -3230,6 +3230,8 @@ static void handle_update_request(ioa_socket_handle s, struct http_request* hr)
if(current_realm()[0] && strcmp(current_realm(),r)) {
//forbidden
} else if (strcmp(kind, "allowed") != 0 && strcmp(kind, "denied") != 0) {
//forbidden
} else {
uint8_t realm[STUN_MAX_REALM_SIZE+1]="\0";
@ -3263,6 +3265,8 @@ static void handle_update_request(ioa_socket_handle s, struct http_request* hr)
if(current_realm()[0] && strcmp(current_realm(),r)) {
//forbidden
} else if (strcmp(kind, "allowed") != 0 && strcmp(kind, "denied") != 0) {
//forbidden
} else {
uint8_t realm[STUN_MAX_REALM_SIZE+1]="\0";