GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 00:37:00 +08:00
Code Issues Packages Projects Releases Wiki Activity

Allow matching passwords of format <xxx_password> in client's login message

Browse Source
This commit is contained in:
Nikos Mavrogiannopoulos
2015-11-26 16:00:09 +01:00
parent cefd77b633
commit 2484d81aad
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/worker-auth.c
View File

@@ -986,9 +986,13 @@ int match_password_in_reply(worker_st * ws, char *body, unsigned body_length,
if (memmem(body, body_length, "<?xml", 5) != 0) {
xml = 1;
/* body should contain <password?>test</password?> */
/* body should contain <password?>test</password?> or <xxx_password>test</xxx_password> */
*value =
strcasestr(body, "<password");
if (*value == NULL)
*value =
strcasestr(body, "_password>");
if (*value == NULL) {
oclog(ws, LOG_HTTP_DEBUG,
"cannot find password in client XML message");
@@ -1006,8 +1010,7 @@ int match_password_in_reply(worker_st * ws, char *body, unsigned body_length,
*value = p;
len = 0;
while (*p != 0) {
if (*p == '<'
&& (strncasecmp(p, "</password", sizeof("</password")-1) == 0)) {
if (*p == '<' && *(p+1) == '/') {
break;
}
p++;