*** empty log message ***

svn path=/trunk/boinc/; revision=12057
Rom Walton 2007-02-08 21:23:36 +00:00
parent 3b27b99b0e
commit d0fd619ca9
3 changed files with 53 additions and 11 deletions


@ -1543,20 +1543,20 @@ Rom 7 Feb 2007
client/
Makefile.am
David 7 Feb 2008
David 7 Feb 2007
- fix PHP 4 problem
html/inc
forum_email.inc
David 8 Feb 2008
David 8 Feb 2007
- core client: fix bug where screensaver would turn on an off
if CPU throttling being used
client/
ss_logic.C
Rytis 8 Feb 2008
Rytis 8 Feb 2007
- Forum pages: fix a cross site scripting vulnerability.
html/
@ -1577,10 +1577,18 @@ Rytis 8 Feb 2008
forum_subscribe.php
forum_thread.php
David 8 Feb 2008
David 8 Feb 2007
- core client: fix bug that causes tasks to hang
(not running, but BOINC thinks it is) on Windows
client/
app.C
app_control.C
Rom 8 Feb 2007
- MGR: Add simple validation for the authenticator returned by
InternetGetCookie.
clientlib/win/
AuthenticatorDetection.cpp
stdafx.h


@ -34,12 +34,13 @@
EXTERN_C __declspec(dllexport) BOOL DetectSetupAuthenticator(LPCTSTR szProjectURL, LPTSTR szAuthenticator, LPDWORD lpdwSize)
{
BOOL bReturnValue = FALSE;
BOOL bValidates = TRUE;
TCHAR szCookieBuffer[2048];
TCHAR* pszCookieFragment = NULL;
LPTSTR pszCookieFragment = NULL;
DWORD dwSize = sizeof(szCookieBuffer)/sizeof(TCHAR);
std::string strCookieFragment;
std::string strCookieName;
std::string strCookieValue;
tstring strCookieFragment;
tstring strCookieName;
tstring strCookieValue;
size_t uiDelimeterLocation;
bReturnValue = InternetGetCookie(szProjectURL, NULL, szCookieBuffer, &dwSize);
@ -59,11 +60,35 @@ EXTERN_C __declspec(dllexport) BOOL DetectSetupAuthenticator(LPCTSTR szProjectUR
strCookieName = strCookieFragment.substr(0, uiDelimeterLocation);
strCookieValue = strCookieFragment.substr(uiDelimeterLocation + 1);
if (std::string(_T("Setup")) == strCookieName)
if (tstring(_T("Setup")) == strCookieName)
{
// Perform some basic validation of the suspect authenticator
//
// If the string is null then it is invalid.
if (0 == strCookieValue.length()) {
bValidates = FALSE;
}
// If the string contains non alpha numeric characters it is invalid.
tstring::iterator it = strCookieValue.begin();
while (it != strCookieValue.end()) {
if (!_istalpha(*it) && !_istdigit(*it)) {
bValidates = FALSE;
}
it++;
}
// If validation failed, null out the Authenticator field just in case
// somebody tries to use it, otherwise copy in the real deal.
if (!bValidates) {
_tcsncpy(szAuthenticator, _T(""), *lpdwSize);
*lpdwSize = 0;
} else {
_tcsncpy(szAuthenticator, strCookieValue.c_str(), *lpdwSize);
*lpdwSize = (DWORD)_tcslen(szAuthenticator);
}
}
pszCookieFragment = _tcstok(NULL, _T("; "));
}
@ -73,6 +98,7 @@ EXTERN_C __declspec(dllexport) BOOL DetectSetupAuthenticator(LPCTSTR szProjectUR
fprintf(stderr, _T("DetectSetupAuthenticator() - InternetGetCookieEx Failed. GetLastError = '%d'"), GetLastError());
}
return bReturnValue;
}
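Review bot: The success branch copies the cookie value with `_tcsncpy(szAuthenticator, strCookieValue.c_str(), *lpdwSize)` and then calls `_tcslen(szAuthenticator)`, but `_tcsncpy` writes no terminator when the value is at least `*lpdwSize` characters long, so the length call can read past the caller's buffer. The value is parsed out of a 2048-character cookie buffer filled for `szProjectURL`, so its length should be part of the validation: `if (strCookieValue.length() >= *lpdwSize) bValidates = FALSE;` (this assumes `*lpdwSize` counts characters, which the hunks do not show). `bValidates` is also set once at the top of the function and never reset inside the token loop, so one rejected `Setup` fragment rejects any later one. In addition, `_istalpha`/`_istdigit` are locale-dependent and in an ANSI build receive a possibly negative `char`, so an explicit ASCII range test would be stricter. The lines between the three hunks of this function are not shown, so whether `bReturnValue` is cleared after a failed validation cannot be checked here.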


@ -53,6 +53,14 @@
#include <vector>
#include <string>
#ifdef _UNICODE
#define tstring std::wstring
#define tostringstream std::wostringstream
#else
#define tstring std::string
#define tostringstream std::ostringstream
#endif
#import "SENS.DLL" raw_interfaces_only, raw_native_types, no_namespace, named_guids
using namespace ATL;
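Review bot: `tstring` and `tostringstream` are defined as macros in the added `#ifdef _UNICODE` block, so the preprocessor rewrites those tokens in every file that includes this precompiled header, including where they appear as member or local names. Type aliases keyed on `TCHAR` express the same thing without the preprocessor branch: `typedef std::basic_string<TCHAR> tstring;` and `typedef std::basic_ostringstream<TCHAR> tostringstream;`. This relies on `TCHAR` being declared above this point, and the second alias needs `<sstream>`; neither is visible in the hunk.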