From b0af666cb43c8df0a7bd867f53bad8ae76d0e113 Mon Sep 17 00:00:00 2001
From: John Crispin <john@phrozen.org>
Date: Fri, 4 Feb 2022 06:47:30 +0100
Subject: [PATCH] opennds: fix a segfault caused that can be triggered via a
 bad url parameter

Fixes: WIFI-6724
Signed-off-by: John Crispin <john@phrozen.org>
---
 feeds/ucentral/opennds/patches/200-exploits.patch | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 feeds/ucentral/opennds/patches/200-exploits.patch

diff --git a/feeds/ucentral/opennds/patches/200-exploits.patch b/feeds/ucentral/opennds/patches/200-exploits.patch
new file mode 100644
index 000000000..3ee7f8d8f
--- /dev/null
+++ b/feeds/ucentral/opennds/patches/200-exploits.patch
@@ -0,0 +1,13 @@
+Index: openNDS-9.0.0/src/http_microhttpd.c
+===================================================================
+--- openNDS-9.0.0.orig/src/http_microhttpd.c
++++ openNDS-9.0.0/src/http_microhttpd.c
+@@ -531,7 +531,7 @@ static int try_to_authenticate(struct MH
+ 		debug(LOG_DEBUG, "client->token=%s tok=%s ", client->token, tok );
+ 
+ 		//Check if token (tok) or hash_id (hid) mode
+-		if (strlen(tok) > 8) {
++		if (tok && strlen(tok) > 8) {
+ 			// hid mode
+ 			hash_str(hid, sizeof(hid), client->token);
+ 			safe_asprintf(&rhidraw, "%s%s", hid, config->fas_key);