ZaneYork
/
zoneminder
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #2483 from connortechnology/fix_user_auth_memleak 

Now that we are dynamically allocating safer_username and safer_passw…
This commit is contained in:
Steve Gilvarry 2019-01-26 01:14:18 +11:00 committed by GitHub
parent 8c5687ca30 6d7660cdbd
commit 9956eae70a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/zm_user.cpp
View File

@ -89,18 +89,21 @@ bool User::canAccess( int monitor_id ) {
// Please note that in auth relay mode = none, password is NULL // Please note that in auth relay mode = none, password is NULL
User *zmLoadUser( const char *username, const char *password ) { User *zmLoadUser( const char *username, const char *password ) {
char sql[ZM_SQL_MED_BUFSIZ] = ""; char sql[ZM_SQL_MED_BUFSIZ] = "";
char *safer_username = new char[(strlen(username) * 2) + 1]; int username_length = strlen(username);
char *safer_username = new char[(username_length * 2) + 1];
// According to docs, size of safer_whatever must be 2*length+1 due to unicode conversions + null terminator. // According to docs, size of safer_whatever must be 2*length+1 due to unicode conversions + null terminator.
mysql_real_escape_string(&dbconn, safer_username, username, strlen( username ) ); mysql_real_escape_string(&dbconn, safer_username, username, username_length );
if ( password ) { if ( password ) {
char *safer_password = new char[(strlen(password) * 2) +1]; int password_length = strlen(password);
mysql_real_escape_string(&dbconn, safer_password, password, strlen( password ) ); char *safer_password = new char[(password_length * 2) + 1];
mysql_real_escape_string(&dbconn, safer_password, password, password_length);
snprintf(sql, sizeof(sql), snprintf(sql, sizeof(sql),
"SELECT Id, Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds" "SELECT Id, Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds"
" FROM Users WHERE Username = '%s' AND Password = password('%s') AND Enabled = 1", " FROM Users WHERE Username = '%s' AND Password = password('%s') AND Enabled = 1",
safer_username, safer_password ); safer_username, safer_password );
delete safer_password;
} else { } else {
snprintf(sql, sizeof(sql), snprintf(sql, sizeof(sql),
"SELECT Id, Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds" "SELECT Id, Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds"
@ -131,6 +134,7 @@ User *zmLoadUser( const char *username, const char *password ) {
Info("Authenticated user '%s'", user->getUsername()); Info("Authenticated user '%s'", user->getUsername());
mysql_free_result(result); mysql_free_result(result);
delete safer_username;
return user; return user;
} }