X-Git-Url: https://git.distorted.org.uk/~mdw/sgt/agedu/blobdiff_plain/15e738400fc6d322b0caad7a5a7ef1dcaea5065f..b5af45d3e37e570183ff09f40c4e8ef09241ade2:/httpd.c

diff --git a/httpd.c b/httpd.c
index bbe82ab..fcdd68e 100644
--- a/httpd.c
+++ b/httpd.c
@@ -262,23 +262,29 @@ char *got_data(struct connctx *ctx, char *data, int length,
 	if (!magic_access && !auth_correct) {
 	    if (auth_string) {
 		ret = http_error("401", "Unauthorized",
-				 "WWW-Authenticate: Basic realm=\""PNAME"\"\r",
+				 "WWW-Authenticate: Basic realm=\""PNAME"\"\r\n",
 				 "\nYou must authenticate to view these pages.");
 	    } else {
 		ret = http_error("403", "Forbidden", NULL,
 				 "This is a restricted-access set of pages.");
 	    }
 	} else {
+	    char *q;
 	    p = ctx->url;
 	    p += strspn(p, "/?");
-	    index = strtoul(p, NULL, 10);
-	    document = html_query(ctx->t, index, cfg);
-	    if (document) {
-		ret = http_success("text/html", 1, document);
-		sfree(document);
-	    } else {
+	    index = strtoul(p, &q, 10);
+	    if (*q) {
 		ret = http_error("404", "Not Found", NULL,
-				 "Pathname index out of range.");
+				 "This is not a valid pathname index.");
+	    } else {
+		document = html_query(ctx->t, index, cfg);
+		if (document) {
+		    ret = http_success("text/html", 1, document);
+		    sfree(document);
+		} else {
+		    ret = http_error("404", "Not Found", NULL,
+				     "Pathname index out of range.");
+		}
 	    }
 	}
 	return ret;
@@ -362,9 +368,11 @@ int check_owning_uid(int fd, int flip)
 	while (fgets(linebuf, sizeof(linebuf), fp)) {
 	    if (strlen(linebuf) >= 75 &&
 		!strncmp(linebuf+6, matchbuf, strlen(matchbuf))) {
+		fclose(fp);
 		return atoi(linebuf + 75);
 	    }
 	}
+	fclose(fp);
     }
 
     return -1;