Fix NULL pointer dereference in webadmin.

Triggerable by any non-admin, if webadmin is loaded. The only affected version is 1.0 Thanks to ChauffeR (Simone Esposito) for reporting this.
2026-03-28 17:42:41 +01:00 · 2013-05-27 23:48:23 +04:00
parent def14c2b99
commit 2bd410ee55
1 changed files with 4 additions and 4 deletions
--- a/modules/webadmin.cpp
+++ b/modules/webadmin.cpp
@@ -426,7 +426,7 @@ public:
 			CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock);

 			// Admin||Self Check
-			if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pNetwork->GetUser())) {
+			if (!spSession->IsAdmin() && (!spSession->GetUser() || !pNetwork || spSession->GetUser() != pNetwork->GetUser())) {
 				return false;
 			}

@@ -455,7 +455,7 @@ public:
 			CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock);

 			// Admin||Self Check
-			if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pNetwork->GetUser())) {
+			if (!spSession->IsAdmin() && (!spSession->GetUser() || !pNetwork || spSession->GetUser() != pNetwork->GetUser())) {
 				return false;
 			}

@@ -479,7 +479,7 @@ public:
 			CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock);

 			// Admin||Self Check
-			if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pNetwork->GetUser())) {
+			if (!spSession->IsAdmin() && (!spSession->GetUser() || !pNetwork || spSession->GetUser() != pNetwork->GetUser())) {
 				return false;
 			}

@@ -493,7 +493,7 @@ public:
 			CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock);

 			// Admin||Self Check
-			if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pNetwork->GetUser())) {
+			if (!spSession->IsAdmin() && (!spSession->GetUser() || !pNetwork || spSession->GetUser() != pNetwork->GetUser())) {
 				return false;
 			}