Add username sanity check, to avoid sql-injection

Mészáros Mihály 2018-11-07 10:39:14 +01:00
parent 8a647d7591
commit eb9b9c49be


@ -3295,7 +3295,7 @@ static void handle_logon_request(ioa_socket_handle s, struct http_request* hr)
s->special_session_size = sizeof(struct admin_session);
}
if(!(as->as_ok) && uname && pwd) {
if(!(as->as_ok) && uname && is_secure_string((const u08bits*)uname) && pwd && is_secure_string((const u08bits*)pwd)) {
const turn_dbdriver_t * dbd = get_dbdriver();
if (dbd && dbd->get_admin_user) {
password_t password;
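Review bot: The new condition filters `uname` and `pwd` through `is_secure_string()` but leaves the lookup via `dbd->get_admin_user` as it was, so protection against SQL injection rests entirely on that character filter. If the drivers build their query by string concatenation (not visible in this hunk), binding the username as a query parameter in each driver would be the durable fix, with this check kept as defence in depth. Running the same filter over `pwd` also refuses any admin password containing characters the filter disallows; if the password is only compared against the stored value and never placed in a query, the condition could be `uname && is_secure_string((const u08bits*)uname) && pwd`. As far as the hunk shows, a rejected name falls through silently, so a log entry on the failing path would give operators a signal that the login form is being probed. handle_logon_request starts and ends outside the hunk.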