[Server] Make sure to sanitize username in the HTTP bridge.

xrootd · Jun 29, 2020 · 7de9a03 · 7de9a03
1 parent ca6d3b9
commit 7de9a03
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/src/XrdXrootd/XrdXrootdTransit.cc b/src/XrdXrootd/XrdXrootdTransit.cc
@@ -39,6 +39,7 @@
 #include "Xrd/XrdBuffer.hh"
 #include "Xrd/XrdLink.hh"
 #include "XrdOuc/XrdOucErrInfo.hh"
+#include "XrdOuc/XrdOucUtils.hh"
 #include "XrdSys/XrdSysAtomics.hh"
 #include "XrdXrootd/XrdXrootdStats.hh"
 #include "XrdXrootd/XrdXrootdTrace.hh"
@@ -267,6 +268,7 @@ void XrdXrootdTransit::Init(XrdXrootd::Bridge::Result *respP, // Private
    if (n >= int(sizeof(uname))) n = sizeof(uname)-1;
    strncpy(uname, nameP, sizeof(uname)-1);
    uname[n] = 0;
+   XrdOucUtils::Sanitize(uname);
    linkP->setID(uname, pID);
 
 // Indicate that this brige supports asynchronous responses