[mw-devel] [Git][arthur/mw][userdb] Make the server login more robust

Wed Aug 10 16:44:31 BST 2016

Justin Mitchell pushed to branch userdb at Justin Mitchell / mw


Commits:
debca6e4 by Justin Mitchell at 2016-08-10T16:45:39+01:00
Make the server login more robust

- - - - -


2 changed files:

- src/nonce.c
- src/server/servsock.c


Changes:

=====================================
src/nonce.c
=====================================

--- a/src/nonce.c
+++ b/src/nonce.c
@@ -9,6 +9,7 @@ const char * get_nonce()
 
 int match_nonce(const char *test)
 {
+	if (test == NULL) return 0;
 	if (strcmp(test, NONCE)==0) return 1;
 	return 0;
 }


=====================================
src/server/servsock.c
=====================================
--- a/src/server/servsock.c
+++ b/src/server/servsock.c
@@ -305,6 +305,14 @@ void process_msg(ipc_connection_t *conn, ipc_message_t *msg)
 			conn->state = IPCSTATE_PURGE;
 			return;
 		}
+
+		if (username == NULL || *username == 0) {
+			_autodestroy ipc_message_t * error = msg_error("NOUSER");
+			msg_attach(error, conn);
+			printf("Missing username\n");
+			conn->state = IPCSTATE_PURGE;
+			return;
+		}
 		
 		const char * action = ipcmsg_getstring(msg, "action");
 
@@ -312,7 +320,7 @@ void process_msg(ipc_connection_t *conn, ipc_message_t *msg)
 			printf("New user=%s for conn fd=%d not found\n", username, conn->fd);
 
 			// they dont exist, so create them
-			if (strcasecmp(action, "autoreg")==0) {
+			if (action && strcasecmp(action, "autoreg")==0) {
 				const char * password = ipcmsg_getstring(msg, "password");
 				const char * realname = ipcmsg_getstring(msg, "realname");
 				const char * contact = ipcmsg_getstring(msg, "contact");
@@ -361,7 +369,7 @@ void process_msg(ipc_connection_t *conn, ipc_message_t *msg)
 		
 		// we really must write proper authentication
 		// for now just bodge similar operation to existing client	
-		if (strcasecmp(action, "auth")==0) {
+		if (action && strcasecmp(action, "auth")==0) {
 			const char * password = ipcmsg_getstring(msg, "password");
 			char salt[3];
 



View it on GitLab: https://projects.sucs.org/arthur/mw/commit/debca6e472db5b3bc423b564802cf0bf79d431f3
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sucs.org/pipermail/mw-devel/attachments/20160810/75addcec/attachment-0001.html>
