mirror of
https://github.com/SoftEtherVPN/SoftEtherVPN.git
synced 2024-11-23 01:49:53 +03:00
Merge PR #1093: Fix security issue: Fix the security of JSON-API
This commit is contained in:
commit
16cdf62cc6
@ -1017,6 +1017,8 @@ ADMIN *JsonRpcAuthLogin(CEDAR *c, SOCK *sock, HTTP_HEADER *h)
|
|||||||
if (h != NULL)
|
if (h != NULL)
|
||||||
{
|
{
|
||||||
Lock(h->lock);
|
Lock(h->lock);
|
||||||
|
{
|
||||||
|
if (Cmp(h->HashedPassword, empty_pw_hash, SHA1_SIZE) != 0 && IsZero(h->HashedPassword, sizeof(h->HashedPassword)) == false)
|
||||||
{
|
{
|
||||||
if (Cmp(pw_hash, h->HashedPassword, SHA1_SIZE) == 0)
|
if (Cmp(pw_hash, h->HashedPassword, SHA1_SIZE) == 0)
|
||||||
{
|
{
|
||||||
@ -1025,6 +1027,7 @@ ADMIN *JsonRpcAuthLogin(CEDAR *c, SOCK *sock, HTTP_HEADER *h)
|
|||||||
StrCpy(hub_name, sizeof(hub_name), h->Name);
|
StrCpy(hub_name, sizeof(hub_name), h->Name);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
Unlock(h->lock);
|
Unlock(h->lock);
|
||||||
|
|
||||||
ReleaseHub(h);
|
ReleaseHub(h);
|
||||||
|
Loading…
Reference in New Issue
Block a user