[vlc-devel] [PATCH] net/httpd: accept any user if none requested

Vincent Bernat vincent at bernat.im
Sun Apr 27 16:25:11 CEST 2014


From: Vincent Bernat <bernat at luffy.cx>

When no user (resp. password) is required, accept any
user (resp. password). The Lua web interface is not requiring a username
and therefore, the authentication has to be done with an empty
user. Many HTTP clients choke with this. For example, curl doesn't
accept an empty username. This change allows the user to provide any
username to authenticate as long as the password matches.
---
 src/network/httpd.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/network/httpd.c b/src/network/httpd.c
index 816d348a3328..a8df339d9785 100644
--- a/src/network/httpd.c
+++ b/src/network/httpd.c
@@ -1109,8 +1109,8 @@ httpd_url_t *httpd_UrlNew(httpd_host_t *host, const char *psz_url,
 
     vlc_mutex_init(&url->lock);
     url->psz_url = strdup(psz_url);
-    url->psz_user = strdup(psz_user ? psz_user : "");
-    url->psz_password = strdup(psz_password ? psz_password : "");
+    url->psz_user = psz_user ? strdup(psz_user) : NULL;
+    url->psz_password = psz_password ? strdup(psz_password) : NULL;
     for (int i = 0; i < HTTPD_MSG_MAX; i++) {
         url->catch[i].cb = NULL;
         url->catch[i].p_sys = NULL;
@@ -1713,7 +1713,7 @@ static void httpd_ClientTlsHandshake(httpd_client_t *cl)
 
 static bool httpdAuthOk(const char *user, const char *pass, const char *b64)
 {
-    if (!*user && !*pass)
+    if (!(user && *user) && !(pass && *pass))
         return true;
 
     if (!b64)
@@ -1737,10 +1737,10 @@ static bool httpdAuthOk(const char *user, const char *pass, const char *b64)
 
     *given_pass++ = '\0';
 
-    if (strcmp (given_user, user))
+    if (user && *user && strcmp (given_user, user))
         goto auth_failed;
 
-    if (strcmp (given_pass, pass))
+    if (pass && *pass && strcmp (given_pass, pass))
         goto auth_failed;
 
     free(given_user);
-- 
2.0.0.rc0




More information about the vlc-devel mailing list