author | stbuehler <stbuehler@152afb58-edef-0310-8abb-c4023f1b3aa9> | 2013-09-13 11:17:47 +0000 |
---|---|---|
committer | stbuehler <stbuehler@152afb58-edef-0310-8abb-c4023f1b3aa9> | 2013-09-13 11:17:47 +0000 |
commit | b8048a9824bd6d8e69a1f75918ac104f924a767a (patch) | |
tree | 6c2e9b1105d3ecb5f4f458ba60c6703be583a7d1 | |
parent | 13572839be54cf85366b141c3175f7aed14d7188 (diff) | |
download | lighttpd-b8048a9824bd6d8e69a1f75918ac104f924a767a.tar.gz |
fix memleak in mod_auth (fixes #2457, thx brarcher)
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/trunk@2904 152afb58-edef-0310-8abb-c4023f1b3aa9
-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | src/http_auth.c | 3 |
2 files changed, 3 insertions, 1 deletions
@@ -173,6 +173,7 @@ NEWS
 * [mod_auth] Fix signedness error in http_auth (fixes #2370, CVE-2011-4362)
 * buffer_caseless_compare: always convert letters to lowercase to get transitive results, fixing array lookups (fixes #2405)
 * fix :port handling in $HTTP["host"] checks (fixes #2135. thx liming)
+ * fix memleak in mod_auth (fixes #2457, thx brarcher)
 - 1.5.0-r19.. - * -F option added for spawn-fcgi
diff --git a/src/http_auth.c b/src/http_auth.c
index 2d6180e2..357f4a1b 100644
--- a/src/http_auth.c
+++ b/src/http_auth.c
@@ -894,7 +894,6 @@ int http_auth_basic_check(server *srv, connection *con, mod_auth_plugin_data *p,
 realm = (data_string *)array_get_element(req, CONST_STR_LEN("realm"));
 username = buffer_init();
- password = buffer_init();
 if (!base64_decode(username, realm_str)) {
 log_error_write(srv, __FILE__, __LINE__, "sb", "decodeing base64-string failed", username);
@@ -915,6 +914,8 @@ int http_auth_basic_check(server *srv, connection *con, mod_auth_plugin_data *p,
 username->used = pw - username->ptr;
+ password = buffer_init();
+ /* copy password to r1 */
 if (http_auth_get_password(srv, p, username, realm->value, password)) {
 buffer_free(username); |
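Review bot: The relocated `password = buffer_init();` in the second src/http_auth.c hunk carries no comment saying why the allocation sits after the credential parsing, so a later tidy-up could move it back next to `username = buffer_init();` and reintroduce the leak. I would put `/* allocate only after the early-return paths above; they do not free password */` on the line before it. Those returns appear to be taken on malformed Basic credentials (the first hunk shows the base64-decode failure branch), which presumably any unauthenticated client can send, so the ordering guards against per-request memory growth and is worth protecting. The failing `http_auth_get_password` branch ends the hunk at `buffer_free(username);`; whether `buffer_free(password);` follows is outside the hunk and should be confirmed. The body of http_auth_basic_check starts and ends outside both hunks.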