From 7de9a03f7a8fecd9a5b8ea7e0414e766d9fe09c5 Mon Sep 17 00:00:00 2001
From: Andrew Hanushevsky
Date: Mon, 29 Jun 2020 15:40:01 -0700
Subject: [PATCH] [Server] Make sure to sanitize username in the HTTP bridge.

---
 src/XrdXrootd/XrdXrootdTransit.cc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/XrdXrootd/XrdXrootdTransit.cc b/src/XrdXrootd/XrdXrootdTransit.cc
index 7e5b6fd443c..216e1b980b9 100644
--- a/src/XrdXrootd/XrdXrootdTransit.cc
+++ b/src/XrdXrootd/XrdXrootdTransit.cc
@@ -39,6 +39,7 @@
 #include "Xrd/XrdBuffer.hh"
 #include "Xrd/XrdLink.hh"
 #include "XrdOuc/XrdOucErrInfo.hh"
+#include "XrdOuc/XrdOucUtils.hh"
 #include "XrdSys/XrdSysAtomics.hh"
 #include "XrdXrootd/XrdXrootdStats.hh"
 #include "XrdXrootd/XrdXrootdTrace.hh"
@@ -267,6 +268,7 @@ void XrdXrootdTransit::Init(XrdXrootd::Bridge::Result *respP, // Private
 if (n >= int(sizeof(uname))) n = sizeof(uname)-1;
 strncpy(uname, nameP, sizeof(uname)-1);
 uname[n] = 0;
+ XrdOucUtils::Sanitize(uname);
 linkP->setID(uname, pID);
 
 // Indicate that this brige supports asynchronous responses
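Review bot: The added `XrdOucUtils::Sanitize(uname);` in the second hunk cleans only the local copy `uname`, so any later use of `nameP` in `Init` would still see the caller-supplied string. `Init` starts and ends outside this hunk, so it is worth confirming that nothing after `linkP->setID(uname, pID);` logs, stores or forwards `nameP` directly. The call also carries no comment saying why it is needed here. The name comes from the bridge caller and becomes part of the link ID, which presumably ends up in trace and log output. I would add `// nameP is supplied by the bridge caller; restrict it to safe characters before it becomes part of the link ID` above the call. A short regression test that passes a name containing control or separator characters would pin the behaviour.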