[En-Nut-Discussion] HTTP password protection - better solution

Wed Aug 30 13:57:45 CEST 2006

Peter Sodermanns wrote:
> /*!
>  * \brief Change name and/or password for an existing authorization entry.
>  *
>  * \param dirname   Name of the directory to protect.
>  * \param oldlogin  Current login (name:password).
>  * \param newlogin  Changed login (name:password).
>  *
>  * \return 0 on success, -1 otherwise.
>  */
> int NutChangeAuth(CONST char *dirname, CONST char *oldlogin, CONST char
> *newlogin)
> {
>     AUTHINFO *auth;
> 
>     auth = (NutHttpAuthLookup(dirname, oldlogin));
>     if (auth) {
>         strcpy((char *) auth->auth_login, newlogin);
>         return 0;
>     } else {
>         return -1;
>     }
> }

Maybe one minor change to ensure longer 'newlogin' values don't trash
your memory:

int NutChangeAuth(CONST char *dirname, CONST char *oldlogin, CONST char
*newlogin)
{
    AUTHINFO *auth;

    auth = (NutHttpAuthLookup(dirname, oldlogin));
    if (auth) {
        if (auth->auth_login) {
            NutHeapFree((char *) auth->auth_login);
            auth->auth_login = 0;
        }
        auth->auth_login = (char*) strdup(newlogin);
        return 0;
    } else {
        return -1;
    }
}

-- 
Ulrich Hertlein | Software Development

ART+COM AG
Kleiststr. 23-26 | 10787 Berlin | Germany

phone: +49.30.21001-433
fax:   +49.30.21001-555

http://www.artcom.de