Fix an issue that can bypass basic authentication
authorShuanglei Tao <tsl0922@gmail.com>
Fri, 10 Mar 2017 18:05:16 +0000 (02:05 +0800)
committerShuanglei Tao <tsl0922@gmail.com>
Fri, 10 Mar 2017 18:11:52 +0000 (02:11 +0800)
Reported by Donato Ferrante (NCC Group).

src/protocol.c

index b6025bf6d1622f8f87b12a95ad00f779786ef1a6..025215ee205ea332a1fa847e100b9d37d51d5aec 100644 (file)
@@ -311,12 +311,13 @@ callback_tty(struct lws *wsi, enum lws_callback_reasons reason,
                         struct json_object *o = NULL;
                         if (json_object_object_get_ex(obj, "AuthToken", &o)) {
                             const char *token = json_object_get_string(o);
-                            if (token == NULL || strcmp(token, server->credential)) {
+                            if (token != NULL && !strcmp(token, server->credential))
+                                client->authenticated = true;
+                            else
                                 lwsl_warn("WS authentication failed with token: %s\n", token);
-                                return 1;
-                            }
                         }
-                        client->authenticated = true;
+                        if (!client->authenticated)
+                            return 1;
                     }
                     int err = pthread_create(&client->thread, NULL, thread_run_command, client);
                     if (err != 0) {
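Review bot: The `else` branch still passes `token` to `lwsl_warn` with `%s`, and on the path where `token` is NULL (which the condition explicitly allows for) that is a NULL argument to `%s`, which is undefined behaviour; it also writes whatever the client submitted, including near-miss credentials and any control characters, into the server log. Logging the failure without the value avoids both: `lwsl_warn("WS authentication failed\n");`. Separately, `strcmp` against `server->credential` returns at the first differing byte, so a constant-time comparison would be the safer choice for a secret, and the new `if (!client->authenticated) return 1;` is only sound if the flag is initialised to false when the connection is set up, which happens outside this hunk. `callback_tty` begins and ends outside the hunk.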