Browse files

Fix NULL pointer dereference in webadmin.

Triggerable by any non-admin, if webadmin is loaded.

The only affected version is 1.0

Thanks to ChauffeR (Simone Esposito) for reporting this.
  • Loading branch information...
1 parent def14c2 commit 2bd410ee5570cea127233f1133ea22f25174eb28 @DarthGandalf DarthGandalf committed May 27, 2013
Showing with 4 additions and 4 deletions.
  1. +4 −4 modules/webadmin.cpp
View
8 modules/webadmin.cpp
@@ -426,7 +426,7 @@ class CWebAdminMod : public CModule {
CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock);
// Admin||Self Check
- if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pNetwork->GetUser())) {
+ if (!spSession->IsAdmin() && (!spSession->GetUser() || !pNetwork || spSession->GetUser() != pNetwork->GetUser())) {
return false;
}
@@ -455,7 +455,7 @@ class CWebAdminMod : public CModule {
CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock);
// Admin||Self Check
- if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pNetwork->GetUser())) {
+ if (!spSession->IsAdmin() && (!spSession->GetUser() || !pNetwork || spSession->GetUser() != pNetwork->GetUser())) {
return false;
}
@@ -479,7 +479,7 @@ class CWebAdminMod : public CModule {
CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock);
// Admin||Self Check
- if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pNetwork->GetUser())) {
+ if (!spSession->IsAdmin() && (!spSession->GetUser() || !pNetwork || spSession->GetUser() != pNetwork->GetUser())) {
return false;
}
@@ -493,7 +493,7 @@ class CWebAdminMod : public CModule {
CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock);
// Admin||Self Check
- if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pNetwork->GetUser())) {
+ if (!spSession->IsAdmin() && (!spSession->GetUser() || !pNetwork || spSession->GetUser() != pNetwork->GetUser())) {
return false;
}

0 comments on commit 2bd410e

Please sign in to comment.