Changeset 1374

Timestamp:

09/30/08 05:30:55 (4 years ago)

Author:

wichert

Message:

URL encode the token when sending to auth server

When logging in something the wifidog gateway unescaped the token, but the
token was never escaped when send out again for an auth request. Fixes #473

Location:

trunk/wifidog

Files:

• ChangeLog (modified) (1 diff)
• src/centralserver.c (modified) (4 diffs)

trunk/wifidog/ChangeLog

@@ -2 +2 @@
 
 2008-09-30 Wichert Akkerman <wichert@wiggy.net>
-        * Clean up compiler warnings (mostly signed/unsigned comparisons)
+        * URL encode the token before transmitting (it was already decoded).
+          Fixes ticket #473
+        * Clean up compiler warnings.
         * Security: strncpy may not NUL-terminate strings, so enforce this
-          ourselves.
-        * Make it possible to protect the status page
+          ourselves. Fixes ticket #464
+        * Make it possible to protect the status page. Fixes ticket #463.
 
 2008-07-20 Alexandre Carmel-Veilleux <acv@miniguru.ca>

trunk/wifidog/src/centralserver.c

@@ -70 +70 @@
         char buf[MAX_BUF];
         char *tmp;
+        char *safe_token;
         int done, nfds;
         fd_set                  readfds;
@@ -90 +91 @@
          */
         memset(buf, 0, sizeof(buf));
+        safe_token=httpdUrlEncode(token);
         snprintf(buf, (sizeof(buf) - 1),
                 "GET %s%sstage=%s&ip=%s&mac=%s&token=%s&incoming=%llu&outgoing=%llu HTTP/1.0\r\n"
@@ -100 +102 @@
                 ip,
                 mac,
-                token,
+                safe_token,
                 incoming,
                 outgoing,
@@ -106 +108 @@
                 auth_server->authserv_hostname
         );
+
+        free(safe_token);
 
         debug(LOG_DEBUG, "Sending HTTP request to auth server: [%s]\n", buf);