[PATCH 1/5] detect user[name], pass[word] form fields using only the first 4 characters

Daniel Lenski dlenski at gmail.com
Sun Mar 4 01:31:57 PST 2018


The current process_auth_form_cb hard-codes the interpretation of these form
fields based on their names.  GlobalProtect has identical fields but with
slightly different names.

Signed-off-by: Daniel Lenski <dlenski at gmail.com>
Signed-off-by: David Woodhouse <dwmw2 at infradead.org>
---
 main.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/main.c b/main.c
index d09efd5..086df2b 100644
--- a/main.c
+++ b/main.c
@@ -1976,7 +1976,7 @@ static int process_auth_form_cb(void *_vpninfo,
 
 		} else if (opt->type == OC_FORM_OPT_TEXT) {
 			if (username &&
-			    !strcmp(opt->name, "username")) {
+			    !strncmp(opt->name, "user", 4)) {
 				opt->_value = username;
 				username = NULL;
 			} else {
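Review bot: The prefix test `!strncmp(opt->name, "user", 4)` in the OC_FORM_OPT_TEXT branch accepts any text field whose name merely starts with "user", not only the two spellings this patch is meant to cover. Because `username` is set to NULL after the first match, whichever such field comes first in the form consumes the saved value, and a later field that really is the username is then left unfilled. Comparing against the exact names the supported protocols use, with `strcmp` for each, keeps the match as tight as before. If the prefix form stays, a comment should say why four characters and which field names it is intended to cover.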
@@ -1989,7 +1989,7 @@ static int process_auth_form_cb(void *_vpninfo,
 
 		} else if (opt->type == OC_FORM_OPT_PASSWORD) {
 			if (password &&
-			    !strcmp(opt->name, "password")) {
+			    !strncmp(opt->name, "pass", 4)) {
 				opt->_value = password;
 				password = NULL;
 			} else {
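Review bot: In the OC_FORM_OPT_PASSWORD branch, `!strncmp(opt->name, "pass", 4)` will place the saved password in the first password-type field whose name begins with "pass", so a form that asks for a second secret under a similar name (for illustration, a field called "passcode") would have the main password submitted in that field. The old `strcmp(opt->name, "password")` could not do that. Please match an explicit list of accepted field names instead of a prefix, so a stored credential is only sent in a field known to be the primary password.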
-- 
2.7.4



