Fossil SCM

Remove some debug output.

stephan 2025-07-24 01:12 xfer-login-card
Commit d1b7be2ff8822c9dd731f8c31a31a156c82f4e005d48241f581fee708d8f5735
Parent 815a84cbcc6872c…
1 file changed +4 -8
~ src/xfer.c
M src/xfer.c
+4 -8
--- src/xfer.c
+++ src/xfer.c
@@ -866,13 +866,13 @@
866866
 const char *zPw = db_column_text(&q, 0);
867867
 char *zSecret = sha1_shared_secret(zPw, blob_str(pLogin), 0);
868868
 blob_zero(&combined);
869869
 blob_copy(&combined, pNonce);
870870
 blob_append(&combined, zSecret, -1);
871
+ fossil_free(zSecret);
871872
 sha1sum_blob(&combined, &hash);
872873
 rc = blob_constant_time_cmp(&hash, pSig);
873
- fossil_free(zSecret);
874874
 blob_reset(&hash);
875875
 blob_reset(&combined);
876876
 }
877877
 if( rc==0 ){
878878
 const char *zCap;
@@ -881,11 +881,10 @@
881881
 g.userUid = db_column_int(&q, 2);
882882
 g.zLogin = mprintf("%b", pLogin);
883883
 g.zNonce = mprintf("%b", pNonce);
884884
 }
885885
 }
886
- /* @ message login\src=%d(rc)\sas\s%F(g.zLogin) */
887886
 db_finalize(&q);
888887
 return rc;
889888
 }
890889
891890
 /*
@@ -1318,13 +1317,13 @@
13181317
 if( zScript ){ /* NOTE: Are TH1 transfer hooks enabled? */
13191318
 pzUuidList = &zUuidList;
13201319
 pnUuidList = &nUuidList;
13211320
 }
13221321
 if( g.syncInfo.zLoginCard ){
1323
- /* Login card received via HTTP header X-Fossil-Xfer-Login */
1324
- assert( g.syncInfo.bLoginCardHeader && "Set via HTTP header parser" );
1325
- @ message got\slogin\scard\sheader:\s%F(g.syncInfo.zLoginCard)
1322
+ /* Login card received via HTTP header X-Fossil-Xfer-Login or
1323
+ ** x-f-x-l GET parameter. */
1324
+ assert( g.syncInfo.bLoginCardHeader && "Set via HTTP header/GET arg" );
13261325
 blob_zero(&xfer.line);
13271326
 blob_append(&xfer.line, g.syncInfo.zLoginCard, -1);
13281327
 xfer.nToken = blob_tokenize(&xfer.line, xfer.aToken,
13291328
 count(xfer.aToken));
13301329
 fossil_free( g.syncInfo.zLoginCard );
@@ -1577,13 +1576,10 @@
15771576
 */
15781577
 if( blob_eq(&xfer.aToken[0], "login")
15791578
 && xfer.nToken==4
15801579
 ){
15811580
 handle_login_card:
1582
- if( 0 && g.perm.Debug ){
1583
- @message login\scard:\s%F(blob_str(&xfer.line))
1584
- }
15851581
 nLogin++;
15861582
 if( disableLogin ){
15871583
 g.perm.Read = g.perm.Write = g.perm.Private = g.perm.Admin = 1;
15881584
 }else if( nLogin > 1 ){
15891585
 cgi_reset_content();
15901586
--- src/xfer.c
+++ src/xfer.c
@@ -866,13 +866,13 @@
866 const char *zPw = db_column_text(&q, 0);
867 char *zSecret = sha1_shared_secret(zPw, blob_str(pLogin), 0);
868 blob_zero(&combined);
869 blob_copy(&combined, pNonce);
870 blob_append(&combined, zSecret, -1);
 
871 sha1sum_blob(&combined, &hash);
872 rc = blob_constant_time_cmp(&hash, pSig);
873 fossil_free(zSecret);
874 blob_reset(&hash);
875 blob_reset(&combined);
876 }
877 if( rc==0 ){
878 const char *zCap;
@@ -881,11 +881,10 @@
881 g.userUid = db_column_int(&q, 2);
882 g.zLogin = mprintf("%b", pLogin);
883 g.zNonce = mprintf("%b", pNonce);
884 }
885 }
886 /* @ message login\src=%d(rc)\sas\s%F(g.zLogin) */
887 db_finalize(&q);
888 return rc;
889 }
890
891 /*
@@ -1318,13 +1317,13 @@
1318 if( zScript ){ /* NOTE: Are TH1 transfer hooks enabled? */
1319 pzUuidList = &zUuidList;
1320 pnUuidList = &nUuidList;
1321 }
1322 if( g.syncInfo.zLoginCard ){
1323 /* Login card received via HTTP header X-Fossil-Xfer-Login */
1324 assert( g.syncInfo.bLoginCardHeader && "Set via HTTP header parser" );
1325 @ message got\slogin\scard\sheader:\s%F(g.syncInfo.zLoginCard)
1326 blob_zero(&xfer.line);
1327 blob_append(&xfer.line, g.syncInfo.zLoginCard, -1);
1328 xfer.nToken = blob_tokenize(&xfer.line, xfer.aToken,
1329 count(xfer.aToken));
1330 fossil_free( g.syncInfo.zLoginCard );
@@ -1577,13 +1576,10 @@
1577 */
1578 if( blob_eq(&xfer.aToken[0], "login")
1579 && xfer.nToken==4
1580 ){
1581 handle_login_card:
1582 if( 0 && g.perm.Debug ){
1583 @message login\scard:\s%F(blob_str(&xfer.line))
1584 }
1585 nLogin++;
1586 if( disableLogin ){
1587 g.perm.Read = g.perm.Write = g.perm.Private = g.perm.Admin = 1;
1588 }else if( nLogin > 1 ){
1589 cgi_reset_content();
1590
--- src/xfer.c
+++ src/xfer.c
@@ -866,13 +866,13 @@
866 const char *zPw = db_column_text(&q, 0);
867 char *zSecret = sha1_shared_secret(zPw, blob_str(pLogin), 0);
868 blob_zero(&combined);
869 blob_copy(&combined, pNonce);
870 blob_append(&combined, zSecret, -1);
871 fossil_free(zSecret);
872 sha1sum_blob(&combined, &hash);
873 rc = blob_constant_time_cmp(&hash, pSig);
 
874 blob_reset(&hash);
875 blob_reset(&combined);
876 }
877 if( rc==0 ){
878 const char *zCap;
@@ -881,11 +881,10 @@
881 g.userUid = db_column_int(&q, 2);
882 g.zLogin = mprintf("%b", pLogin);
883 g.zNonce = mprintf("%b", pNonce);
884 }
885 }
 
886 db_finalize(&q);
887 return rc;
888 }
889
890 /*
@@ -1318,13 +1317,13 @@
1317 if( zScript ){ /* NOTE: Are TH1 transfer hooks enabled? */
1318 pzUuidList = &zUuidList;
1319 pnUuidList = &nUuidList;
1320 }
1321 if( g.syncInfo.zLoginCard ){
1322 /* Login card received via HTTP header X-Fossil-Xfer-Login or
1323 ** x-f-x-l GET parameter. */
1324 assert( g.syncInfo.bLoginCardHeader && "Set via HTTP header/GET arg" );
1325 blob_zero(&xfer.line);
1326 blob_append(&xfer.line, g.syncInfo.zLoginCard, -1);
1327 xfer.nToken = blob_tokenize(&xfer.line, xfer.aToken,
1328 count(xfer.aToken));
1329 fossil_free( g.syncInfo.zLoginCard );
@@ -1577,13 +1576,10 @@
1576 */
1577 if( blob_eq(&xfer.aToken[0], "login")
1578 && xfer.nToken==4
1579 ){
1580 handle_login_card:
 
 
 
1581 nLogin++;
1582 if( disableLogin ){
1583 g.perm.Read = g.perm.Write = g.perm.Private = g.perm.Admin = 1;
1584 }else if( nLogin > 1 ){
1585 cgi_reset_content();
1586

Keyboard Shortcuts

Open search /
Next entry (timeline) j
Previous entry (timeline) k
Open focused entry Enter
Show this help ?
Toggle theme Top nav button