mirror of
https://github.com/SoftEtherVPN/SoftEtherVPN.git
synced 2024-11-22 17:39:53 +03:00
Merge PR #1093: Fix security issue: Fix the security of JSON-API
This commit is contained in:
commit
16cdf62cc6
@ -1018,11 +1018,14 @@ ADMIN *JsonRpcAuthLogin(CEDAR *c, SOCK *sock, HTTP_HEADER *h)
|
||||
{
|
||||
Lock(h->lock);
|
||||
{
|
||||
if (Cmp(pw_hash, h->HashedPassword, SHA1_SIZE) == 0)
|
||||
if (Cmp(h->HashedPassword, empty_pw_hash, SHA1_SIZE) != 0 && IsZero(h->HashedPassword, sizeof(h->HashedPassword)) == false)
|
||||
{
|
||||
is_hub_admin = true;
|
||||
if (Cmp(pw_hash, h->HashedPassword, SHA1_SIZE) == 0)
|
||||
{
|
||||
is_hub_admin = true;
|
||||
|
||||
StrCpy(hub_name, sizeof(hub_name), h->Name);
|
||||
StrCpy(hub_name, sizeof(hub_name), h->Name);
|
||||
}
|
||||
}
|
||||
}
|
||||
Unlock(h->lock);
|
||||
|
Loading…
Reference in New Issue
Block a user