apr-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jor...@apache.org
Subject svn commit: r1346875 - in /apr/apr-util/branches/1.4.x: ./ CHANGES crypto/apr_md5.c
Date Wed, 06 Jun 2012 13:12:09 GMT
Author: jorton
Date: Wed Jun  6 13:12:08 2012
New Revision: 1346875

URL: http://svn.apache.org/viewvc?rev=1346875&view=rev
Log:
Merge r779396 from trunk:

* Failing crypt can cause a segfault. Check for result of crypt to avoid this.

PR: 47272
Submitted by: Arkadiusz Miskiewicz <arekm pld-linux.org>
Reviewed by: rpluem (trunk commit)

Modified:
    apr/apr-util/branches/1.4.x/   (props changed)
    apr/apr-util/branches/1.4.x/CHANGES
    apr/apr-util/branches/1.4.x/crypto/apr_md5.c

Propchange: apr/apr-util/branches/1.4.x/
------------------------------------------------------------------------------
  Merged /apr/apr/trunk:r779396

Modified: apr/apr-util/branches/1.4.x/CHANGES
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.4.x/CHANGES?rev=1346875&r1=1346874&r2=1346875&view=diff
==============================================================================
--- apr/apr-util/branches/1.4.x/CHANGES [utf-8] (original)
+++ apr/apr-util/branches/1.4.x/CHANGES [utf-8] Wed Jun  6 13:12:08 2012
@@ -1,6 +1,9 @@
                                                      -*- coding: utf-8 -*-
 Changes with APR-util 1.4.3
 
+  *) Fix segfaults in crypt() and crypt_r() failure modes.
+     PR 47272.  [Arkadiusz Miskiewicz <arekm pld-linux.org>]
+
   *) apr_crypto: Ensure that the if/else that governs the static
      initialisation of each crypto driver works when the first driver
      isn't in use. [Graham Leggett]

Modified: apr/apr-util/branches/1.4.x/crypto/apr_md5.c
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.4.x/crypto/apr_md5.c?rev=1346875&r1=1346874&r2=1346875&view=diff
==============================================================================
--- apr/apr-util/branches/1.4.x/crypto/apr_md5.c (original)
+++ apr/apr-util/branches/1.4.x/crypto/apr_md5.c Wed Jun  6 13:12:08 2012
@@ -721,6 +721,9 @@ APU_DECLARE(apr_status_t) apr_password_v
         CRYPTD buffer;
 
         crypt_pw = crypt_r(passwd, hash, &buffer);
+        if (!crypt_pw) {
+            return APR_EMISMATCH;
+        }
         apr_cpystrn(sample, crypt_pw, sizeof(sample) - 1);
 #elif defined(CRYPT_R_STRUCT_CRYPT_DATA)
         struct crypt_data buffer;
@@ -732,6 +735,9 @@ APU_DECLARE(apr_status_t) apr_password_v
          */
         memset(&buffer, 0, sizeof(buffer));
         crypt_pw = crypt_r(passwd, hash, &buffer);
+        if (!crypt_pw) {
+            return APR_EMISMATCH;
+        }
         apr_cpystrn(sample, crypt_pw, sizeof(sample) - 1);
 #else
         /* Do a bit of sanity checking since we know that crypt_r()
@@ -748,6 +754,10 @@ APU_DECLARE(apr_status_t) apr_password_v
          */
         crypt_mutex_lock();
         crypt_pw = crypt(passwd, hash);
+        if (!crypt_pw) {
+            crypt_mutex_unlock();
+            return APR_EMISMATCH;
+        }
         apr_cpystrn(sample, crypt_pw, sizeof(sample) - 1);
         crypt_mutex_unlock();
 #endif



Mime
View raw message