diff options
author | David Sommerseth <dazo@users.sourceforge.net> | 2009-10-02 22:52:38 +0200 |
---|---|---|
committer | David Sommerseth <dazo@users.sourceforge.net> | 2009-10-02 22:52:38 +0200 |
commit | 709ed1ab7417596a049173ebe2380f7326c2d560 (patch) | |
tree | 4eeec15cb3e91f7c2e35391c6021d5fac6ffe4ef /plugin/eurephia-auth.c | |
parent | 892874947d70b75a932d5990a0e9c43685cfde79 (diff) | |
download | eurephia-709ed1ab7417596a049173ebe2380f7326c2d560.tar.gz eurephia-709ed1ab7417596a049173ebe2380f7326c2d560.tar.xz eurephia-709ed1ab7417596a049173ebe2380f7326c2d560.zip |
Modified get_env() function to limit number of bytes to extract
This is to enhance the security and to avoid possible buffer overflows
based on input received from the client
Diffstat (limited to 'plugin/eurephia-auth.c')
-rw-r--r-- | plugin/eurephia-auth.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/plugin/eurephia-auth.c b/plugin/eurephia-auth.c index 10d9447..14ef79b 100644 --- a/plugin/eurephia-auth.c +++ b/plugin/eurephia-auth.c @@ -39,7 +39,7 @@ #include <eurephia_context.h> #include <eurephiadb.h> #include <eurephia.h> - +#include <eurephia_nullsafe.h> #ifdef ENABLE_DEBUG /* To avoid compiler warnings when ENABLE_DEBUG is not defined */ @@ -110,9 +110,9 @@ static void dump_env(FILE *f, const char *prefix, const char *envp[]) { */ static void daemonize(const char *envp[]) { - const char *daemon_string = get_env(NULL, 0, envp, "daemon"); + char *daemon_string = get_env(NULL, 0, 32, envp, "daemon"); if( daemon_string && daemon_string[0] == '1' ) { - const char *log_redirect = get_env(NULL, 0, envp, "daemon_log_redirect"); + char *log_redirect = get_env(NULL, 0, 32, envp, "daemon_log_redirect"); int fd = -1; if( log_redirect && log_redirect[0] == '1' ) { fd = dup (2); @@ -123,7 +123,9 @@ static void daemonize(const char *envp[]) dup2(fd, 2); close(fd); } + free_nullsafe(NULL, log_redirect); } + free_nullsafe(NULL, daemon_string); } |