Merge pull request #760 from majestrate/fix-http-auth

Fix http auth when long password used and add peer count on transports page
8 years ago · 97818c6f32
1 changed files with 13 additions and 9 deletions
--- a/HTTPServer.cpp
+++ b/HTTPServer.cpp
@ -494,8 +494,9 @@ namespace http {
				@@ -494,8 +494,9 @@ namespace http {
 		auto ntcpServer = i2p::transport::transports.GetNTCPServer (); 
 		if (ntcpServer)
 		{
-			s << "<b>NTCP</b><br>\r\n";
-			for (const auto& it: ntcpServer->GetNTCPSessions ())
+			auto sessions = ntcpServer->GetNTCPSessions ();
+			s << "<b>NTCP</b> ( " << (int) sessions.size() << " )<br>\r\n";
+			for (const auto& it: sessions )
 			{
 				if (it.second && it.second->IsEstablished ())
 				{
@ -512,8 +513,9 @@ namespace http {
				@@ -512,8 +513,9 @@ namespace http {
 		auto ssuServer = i2p::transport::transports.GetSSUServer ();
 		if (ssuServer)
 		{
-			s << "<br>\r\n<b>SSU</b><br>\r\n";
-			for (const auto& it: ssuServer->GetSessions ())
+			auto sessions = ssuServer->GetSessions ();
+			s << "<br>\r\n<b>SSU</b> ( " << (int) sessions.size() << " )<br>\r\n";
+			for (const auto& it: sessions)
 			{
 				auto endpoint = it.second->GetRemoteEndpoint ();
 				if (it.second->IsOutgoing ()) s << " &#8658; ";
@ -713,20 +715,22 @@ namespace http {
				@@ -713,20 +715,22 @@ namespace http {
 		}
 		/* method #2: 'Authorization' header sent */
 		if (req.headers.count("Authorization") > 0) {
+			bool result = false;
 			std::string provided = req.headers.find("Authorization")->second;
 			std::string expected = user + ":" + pass;
-			char b64_creds[64];
+			size_t b64_sz = i2p::data::Base64EncodingBufferSize(expected.length()) + 1;
+			char * b64_creds = new char[b64_sz];
 			std::size_t len = 0;
-			len = i2p::data::ByteStreamToBase64((unsigned char *)expected.c_str(), expected.length(), b64_creds, sizeof(b64_creds));
+			len = i2p::data::ByteStreamToBase64((unsigned char *)expected.c_str(), expected.length(), b64_creds, b64_sz);
 			/* if we decoded properly then check credentials */
 			if(len) {
 				b64_creds[len] = '\0';
 				expected = "Basic ";
 				expected += b64_creds;
-				return expected == provided;
+				result = expected == provided;
 			}
-			/** we decoded wrong so it's not a correct login credential */
-			return false;
+			delete [] b64_creds;
+			return result;
 		}

 		LogPrint(eLogWarning, "HTTPServer: auth failure from ", m_Socket->remote_endpoint().address ());