size_t declen;
now = time(NULL);
+ dec = NULL;
if(reqssl && (((raw = getheader(req, "X-Ash-Protocol")) == NULL) || strcmp(raw, "https"))) {
simpleerror(fd, 403, "Forbidden", "The requested resource must be requested over HTTPS.");
goto out;
}
- dec = NULL;
if(((raw = getheader(req, "Authorization")) == NULL) || strncasecmp(raw, "basic ", 6)) {
reqauth(req, fd);
goto out;
}
memset(raw, 0, strlen(raw));
headrmheader(req, "Authorization");
+ for(p = dec; *p; p++) {
+ if(*p < 32) {
+ simpleerror(fd, 400, "Invalid request", "The authentication data is invalid.");
+ goto out;
+ }
+ }
if((p = strchr(dec, ':')) == NULL) {
simpleerror(fd, 400, "Invalid request", "The authentication data is invalid.");
goto out;
FILE *out;
rv = 0;
- if(strchr(user, '\n') || strchr(pass, '\n')) {
- simpleerror(fd, 401, "Invalid authentication", "The supplied credentials are invalid.");
- return(0);
- }
msg = "The supplied credentials are invalid.";
pipe(pfd);
pipe(efd);