if (login.isEmpty())
return;
+ if (!login[0]) {
+ debugs(9, 2, "WARNING: Ignoring FTP credentials that start with a NUL character");
+ // TODO: Either support credentials with NUL characters (in any position) or ban all of them.
+ return;
+ }
+
const SBuf::size_type colonPos = login.find(':');
/* If there was a username part with at least one character use it.
/* Test URL login syntax. Overrides any headers received. */
loginParser(request->url.userInfo(), true);
- /* name is missing. thats fatal. */
- if (!user[0])
- fatal("FTP login parsing destroyed username info");
+ // XXX: We we keep default "anonymous" instead of properly supporting empty usernames.
+ Must(user[0]);
/* name + password == success */
if (password[0])