projects / project / rpcd.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
session: disallow destroying the null session
[project/rpcd.git] / session.c
diff --git a/session.c b/session.c
index df96ced..fc5f19b 100644 (file)
--- a/session.c
+++ b/session.c
@@ -751,6 +751,9 @@ rpc_handle_destroy(struct ubus_context *ctx, struct ubus_object *obj,
        if (!tb)
                return UBUS_STATUS_INVALID_ARGUMENT;
 
+       if (!strcmp(blobmsg_get_string(tb), RPC_DEFAULT_SESSION_ID))
+               return UBUS_STATUS_PERMISSION_DENIED;
+
        ses = rpc_session_get(blobmsg_data(tb));
        if (!ses)
                return UBUS_STATUS_NOT_FOUND;
@@ -792,7 +795,7 @@ rpc_login_test_password(const char *hash, const char *password)
 #endif
        }
 
-       crypt_hash = crypt(hash, password);
+       crypt_hash = crypt(password, hash);
 
        return !strcmp(crypt_hash, hash);
 }
@@ -801,7 +804,7 @@ static struct uci_section *
 rpc_login_test_login(struct uci_context *uci,
                      const char *username, const char *password)
 {
-       struct uci_package *p;
+       struct uci_package *p = NULL;
        struct uci_section *s;
        struct uci_element *e;
        struct uci_ptr ptr = { .package = "rpcd" };
OpenWrt ubus RPC daemon