AMajor/SoftEtherVPN
1
0
Fork 0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-09-18 01:33:00 +03:00
Code Releases Activity

Merge PR #1093: Fix security issue: Fix the security of JSON-API

Browse Source
This commit is contained in:
Davide Beatrici 2020-04-05 20:49:11 +02:00 committed by GitHub
commit 16cdf62cc6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/Cedar/Admin.c
View File

@ -1018,11 +1018,14 @@ ADMIN *JsonRpcAuthLogin(CEDAR *c, SOCK *sock, HTTP_HEADER *h)
{
Lock(h->lock);
{
if (Cmp(pw_hash, h->HashedPassword, SHA1_SIZE) == 0)
if (Cmp(h->HashedPassword, empty_pw_hash, SHA1_SIZE) != 0 && IsZero(h->HashedPassword, sizeof(h->HashedPassword)) == false)
{
is_hub_admin = true;
if (Cmp(pw_hash, h->HashedPassword, SHA1_SIZE) == 0)
{
is_hub_admin = true;
StrCpy(hub_name, sizeof(hub_name), h->Name);
StrCpy(hub_name, sizeof(hub_name), h->Name);
}
}
}
Unlock(h->lock);