From: Art Cancro <ajc@citadel.org>
Date: Tue, 24 Jan 2006 16:07:54 +0000 (+0000)
Subject: * client_getln() now fails if the client attempts to transmit non printable
X-Git-Tag: v7.86~4275
X-Git-Url: https://code.citadel.org/?a=commitdiff_plain;h=d4639c4ce194899985c422ae6fa9e2a172e6b4e0;p=citadel.git

* client_getln() now fails if the client attempts to transmit non printable
  characters.   This is for fast bailout if someone tries to do HTTPS to a
  non-SSL webcit.
---

diff --git a/webcit/ChangeLog b/webcit/ChangeLog
index 7fabeaed4..da81745bd 100644
--- a/webcit/ChangeLog
+++ b/webcit/ChangeLog
@@ -1,5 +1,10 @@
 $Id$
 
+Tue Jan 24 11:07:04 EST 2006 ajc
+* client_getln() now fails if the client attempts to transmit non printable
+  characters.   This is for fast bailout if someone tries to do HTTPS to a
+  non-SSL webcit.
+
 Mon Jan 23 22:51:11 EST 2006 ajc
 * Got a primitive version of the wiki system in place.  Needs a lot of fine
   tuning but it basically works.
diff --git a/webcit/webserver.c b/webcit/webserver.c
index bebc06417..c46c79ba3 100644
--- a/webcit/webserver.c
+++ b/webcit/webserver.c
@@ -380,8 +380,13 @@ int client_getln(int sock, char *buf, int bufsiz)
 		retval = client_read(sock, &buf[i], 1);
 		if (retval != 1 || buf[i] == '\n' || i == (bufsiz-1))
 			break;
+		if ( (!isspace(buf[i])) && (!isprint(buf[i])) ) {
+			lprintf(2, "Non printable character recieved from client\n");
+			return(-1);
+		}
 	}
 
+
 	/** If we got a long line, discard characters until the newline.	 */
 	if (i == (bufsiz-1))
 		while (buf[i] != '\n' && retval == 1)