Ensure the login information is null-terminated.

author: default <nobody@localhost> 2022-10-04 11:55:48 +0200
committer: default <nobody@localhost> 2022-10-04 11:55:48 +0200
commit: f521285d753c38ec99f5e982cbabf871ac107936 (patch)
tree: 1403bebf9037d6bc32332f78ceeffe699abbf3da
parent: 1791e05346613ff1858689bdb1c8385eb4d8a0c7 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/html.c b/html.c
index 1f6d60c..3cf171e 100644
--- a/html.c
+++ b/html.c
@@ -132,7 +132,12 @@ int login(snac *snac, char *headers)
         int sz;
         xs *s1 = xs_crop(xs_dup(auth), 6, 0);
         xs *s2 = xs_base64_dec(s1, &sz);
-        xs *l1 = xs_split_n(s2, ":", 1);
+
+        /* copy to asciiz it */
+        xs *s3 = calloc(sz + 1, 1);
+        memcpy(s3, s2, sz);
+
+        xs *l1 = xs_split_n(s3, ":", 1);
 
         if (xs_list_len(l1) == 2) {
             logged_in = check_password(
author	default <nobody@localhost>	2022-10-04 11:55:48 +0200
committer	default <nobody@localhost>	2022-10-04 11:55:48 +0200
commit	f521285d753c38ec99f5e982cbabf871ac107936 (patch)
tree	1403bebf9037d6bc32332f78ceeffe699abbf3da
parent	1791e05346613ff1858689bdb1c8385eb4d8a0c7 (diff)