diff --git a/src/zm_user.cpp b/src/zm_user.cpp
index 6dbfb56fa..da0c66416 100644
--- a/src/zm_user.cpp
+++ b/src/zm_user.cpp
@@ -245,3 +245,18 @@ User *zmLoadAuthUser( const char *auth, bool use_remote_addr ) {
 Debug(1, "No user found for auth_key %s", auth );
 return 0;
 }
+
+//Function to check Username length
+bool checkUser ( const char *username) {
+ if ( strlen(username) > 32) {
+ return false;
+ }
+ return true;
+}
+//Function to check password length
+bool checkPass (const char *password) {
+ if ( strlen(password) > 64) {
+ return false;
+ }
+ return true;
+}
diff --git a/src/zm_user.h b/src/zm_user.h
index 37bf45736..00c61185b 100644
--- a/src/zm_user.h
+++ b/src/zm_user.h
@@ -77,5 +77,7 @@ public:
 User *zmLoadUser( const char *username, const char *password=0 );
 User *zmLoadAuthUser( const char *auth, bool use_remote_addr );
+bool checkUser ( const char *username);
+bool checkPass (const char *password);
 #endif // ZM_USER_H
diff --git a/src/zms.cpp b/src/zms.cpp
index a5fef0134..634e07030 100644
--- a/src/zms.cpp
+++ b/src/zms.cpp
@@ -191,9 +191,12 @@ int main( int argc, const char *argv[] ) {
 User *user = 0;
 if ( strcmp(config.auth_relay, "none") == 0 ) {
- if ( username.length() ) {
+ if ( checkUser(username.c_str()) ) {
 user = zmLoadUser(username.c_str());
+ } else {
+ Error("")
 }
+
 } else {
 //if ( strcmp( config.auth_relay, "hashed" ) == 0 )
 {
diff --git a/src/zmu.cpp b/src/zmu.cpp
index af6cb603d..a8ee61273 100644
--- a/src/zmu.cpp
+++ b/src/zmu.cpp
@@ -425,6 +425,10 @@ int main(int argc, char *argv[]) {
 if ( config.opt_use_auth ) {
 if ( strcmp(config.auth_relay, "none") == 0 ) {
+ if ( !checkUser(username)) {
+ fprintf(stderr, "Error, username greater than allowed 32 characters\n");
+ exit_zmu(-1);
+ }
 if ( !username ) {
 fprintf(stderr, "Error, username must be supplied\n");
 exit_zmu(-1);
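Review bot: In src/zm_user.cpp, `checkUser` and `checkPass` hand their argument straight to `strlen` with no null check, and the callers added in src/zmu.cpp can pass a null pointer. The first zmu.cpp hunk calls `checkUser(username)` ahead of the existing `if ( !username )` test, and the second calls both helpers on a path that, judging by its error message, is also reached when only an auth string was supplied. Guard the calls, e.g. `if ( username && !checkUser(username) )` and `if ( password && !checkPass(password) )`, and move the first check below the `!username` test so a missing username keeps its own message. The helpers should carry a comment stating that the argument must be non-null, and 32 and 64 would be safer as named constants tied to the buffer or column size they protect, which is not visible in this hunk.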
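Review bot: In src/zms.cpp the new else branch reads `Error("")`, with no terminating semicolon and an empty message. Unless the `Error` macro (defined outside this diff) expands to a complete statement this will not compile, and a rejected request leaves nothing useful in the log; `Error("Username exceeds the allowed length");` would fix both. Replacing `username.length()` with `checkUser(...)` also drops the non-empty test, so an empty username now reaches `zmLoadUser`; keeping it as `if ( username.length() && checkUser(username.c_str()) )` preserves the earlier behaviour. main() starts and ends outside the hunk.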
@@ -438,7 +442,14 @@ int main(int argc, char *argv[]) {
 fprintf(stderr, "Error, username and password or auth string must be supplied\n");
 exit_zmu(-1);
 }
-
+ if ( !checkUser(username)) {
+ fprintf(stderr, "Error, username greater than allowed 32 characters\n");
+ exit_zmu(-1);
+ }
+ if ( !checkPass(password)) {
+ fprintf(stderr, "Error, password greater than allowed 64 characters\n");
+ exit_zmu(-1);
+ }
 //if ( strcmp( config.auth_relay, "hashed" ) == 0 )
 {
 if ( auth ) {
diff --git a/web/skins/classic/includes/control_functions.php b/web/skins/classic/includes/control_functions.php
index 6274afae5..ec51458ee 100644
--- a/web/skins/classic/includes/control_functions.php
+++ b/web/skins/classic/includes/control_functions.php
@@ -270,7 +270,7 @@ function controlPresets( $monitor, $cmds ) { NumPresets(); $i++ ) { ?> - " value="" onclick="controlCmd('');"/> +
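Review bot: In the second src/zmu.cpp hunk, the `auth` string used by the `if ( auth )` branch right after the new checks gets no length bound, although username and password now do; the else branch in src/zms.cpp appears to be in the same position. If `zmLoadAuthUser`, whose body is only partly visible in this diff, copies or formats that value into fixed-size storage, it needs an equivalent check before the call. The literals 32 and 64 in these messages also duplicate the limits inside `checkUser`/`checkPass`, so a later change to one can silently disagree with the other; building the message from a shared constant avoids that. main() starts and ends outside the hunk.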