httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From c...@hyperreal.org
Subject cvs commit: apache-1.3/src/support htpasswd.c
Date Thu, 08 Apr 1999 20:56:45 GMT
coar        99/04/08 13:56:44

  Modified:    src      CHANGES
               src/ap   ap_md5c.c
               src/include ap_md5.h
               src/main http_core.c util_md5.c
               src/support htpasswd.c
  Log:
  	Passwords, as user input, may not be 7-bit ASCII -- so we need
  	to treat them as unsigned char*'s.  No surprises there; this
  	just regularises the usage so we don't get compilation messages.
  
  Revision  Changes    Path
  1.1300    +4 -0      apache-1.3/src/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/CHANGES,v
  retrieving revision 1.1299
  retrieving revision 1.1300
  diff -u -r1.1299 -r1.1300
  --- CHANGES	1999/04/08 11:36:37	1.1299
  +++ CHANGES	1999/04/08 20:56:34	1.1300
  @@ -1,4 +1,8 @@
   Changes with Apache 1.3.7
  +  *) Correct the signed/unsigned character handling for the MD5 routines;
  +     mismatches were causing compilation problems with gcc -pedantic and
  +     in the TPF cross-compilation.  [Ken Coar]
  +
     *) OS/2: Rework CGI handling to use spawn*() instead of fork/exec, achieving
        a roughly 5 fold speed up. [Brian Havard]
   
  
  
  
  1.25      +35 -25    apache-1.3/src/ap/ap_md5c.c
  
  Index: ap_md5c.c
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/ap/ap_md5c.c,v
  retrieving revision 1.24
  retrieving revision 1.25
  diff -u -r1.24 -r1.25
  --- ap_md5c.c	1999/03/25 16:43:21	1.24
  +++ ap_md5c.c	1999/04/08 20:56:38	1.25
  @@ -181,7 +181,7 @@
   
   /* MD5 initialization. Begins an MD5 operation, writing a new context.
    */
  -API_EXPORT(void) ap_MD5Init(AP_MD5_CTX * context)
  +API_EXPORT(void) ap_MD5Init(AP_MD5_CTX *context)
   {
       context->count[0] = context->count[1] = 0;
       /* Load magic initialization constants. */
  @@ -195,8 +195,8 @@
      operation, processing another message block, and updating the
      context.
    */
  -API_EXPORT(void) ap_MD5Update(AP_MD5_CTX * context, const unsigned char *input,
  -			   unsigned int inputLen)
  +API_EXPORT(void) ap_MD5Update(AP_MD5_CTX *context, const unsigned char *input,
  +			      unsigned int inputLen)
   {
       unsigned int i, idx, partLen;
   
  @@ -204,8 +204,10 @@
       idx = (unsigned int) ((context->count[0] >> 3) & 0x3F);
   
       /* Update number of bits */
  -    if ((context->count[0] += ((UINT4) inputLen << 3)) < ((UINT4) inputLen
<< 3))
  +    if ((context->count[0] += ((UINT4) inputLen << 3))
  +	< ((UINT4) inputLen << 3)) {
   	context->count[1]++;
  +    }
       context->count[1] += (UINT4) inputLen >> 29;
   
       partLen = 64 - idx;
  @@ -216,13 +218,15 @@
   	memcpy(&context->buffer[idx], input, partLen);
   	MD5Transform(context->state, context->buffer);
   
  -	for (i = partLen; i + 63 < inputLen; i += 64)
  +	for (i = partLen; i + 63 < inputLen; i += 64) {
   	    MD5Transform(context->state, &input[i]);
  +	}
   
   	idx = 0;
       }
  -    else
  +    else {
   	i = 0;
  +    }
   
       /* Buffer remaining input */
       memcpy(&context->buffer[idx], &input[i], inputLen - i);
  @@ -239,8 +243,9 @@
   
   	idx = 0;
       }
  -    else
  +    else {
   	i = 0;
  +    }
   
       /* Buffer remaining input */
       ebcdic2ascii_strictly(&context->buffer[idx], &input[i], inputLen - i);
  @@ -250,7 +255,7 @@
   /* MD5 finalization. Ends an MD5 message-digest operation, writing the
      the message digest and zeroizing the context.
    */
  -API_EXPORT(void) ap_MD5Final(unsigned char digest[16], AP_MD5_CTX * context)
  +API_EXPORT(void) ap_MD5Final(unsigned char digest[16], AP_MD5_CTX *context)
   {
       unsigned char bits[8];
       unsigned int idx, padLen;
  @@ -277,10 +282,10 @@
       /* Pad out to 56 mod 64. */
       idx = (unsigned int) ((context->count[0] >> 3) & 0x3f);
       padLen = (idx < 56) ? (56 - idx) : (120 - idx);
  -    ap_MD5Update(context, PADDING, padLen);
  +    ap_MD5Update(context, (const unsigned char *)PADDING, padLen);
   
       /* Append length (before padding) */
  -    ap_MD5Update(context, bits, 8);
  +    ap_MD5Update(context, (const unsigned char *)bits, 8);
   
       /* Store state in digest */
       Encode(digest, context->state, 16);
  @@ -429,7 +434,8 @@
       }
   }
   
  -API_EXPORT(void) ap_MD5Encode(const char *pw, const char *salt,
  +API_EXPORT(void) ap_MD5Encode(const unsigned char *pw,
  +			      const unsigned char *salt,
   			      char *result, size_t nbytes)
   {
       /*
  @@ -439,9 +445,11 @@
        */
   
       char passwd[120], *p;
  -    const char *sp, *ep;
  +    const unsigned char *sp, *ep;
       unsigned char final[16];
  -    int sl, pl, i;
  +    int i;
  +    unsigned int sl, pl;
  +    unsigned int pwlen;
       AP_MD5_CTX ctx, ctx1;
       unsigned long l;
   
  @@ -455,7 +463,7 @@
       /*
        * If it starts with the magic string, then skip that.
        */
  -    if (!strncmp(sp, apr1_id, strlen(apr1_id))) {
  +    if (!strncmp((char *)sp, apr1_id, strlen(apr1_id))) {
   	sp += strlen(apr1_id);
       }
   
  @@ -476,15 +484,16 @@
        */
       ap_MD5Init(&ctx);
   
  +    pwlen = strlen((char *)pw);
       /*
        * The password first, since that is what is most unknown
        */
  -    ap_MD5Update(&ctx, pw, strlen(pw));
  +    ap_MD5Update(&ctx, pw, pwlen);
   
       /*
        * Then our magic string
        */
  -    ap_MD5Update(&ctx, apr1_id, strlen(apr1_id));
  +    ap_MD5Update(&ctx, (const unsigned char *)apr1_id, strlen(apr1_id));
   
       /*
        * Then the raw salt
  @@ -495,11 +504,11 @@
        * Then just as many characters of the MD5(pw, salt, pw)
        */
       ap_MD5Init(&ctx1);
  -    ap_MD5Update(&ctx1, pw, strlen(pw));
  +    ap_MD5Update(&ctx1, pw, pwlen);
       ap_MD5Update(&ctx1, sp, sl);
  -    ap_MD5Update(&ctx1, pw, strlen(pw));
  +    ap_MD5Update(&ctx1, pw, pwlen);
       ap_MD5Final(final, &ctx1);
  -    for(pl = strlen(pw); pl > 0; pl -= 16) {
  +    for(pl = pwlen; pl > 0; pl -= 16) {
   	ap_MD5Update(&ctx, final, (pl > 16) ? 16 : pl);
       }
   
  @@ -511,7 +520,7 @@
       /*
        * Then something really weird...
        */
  -    for (i = strlen(pw); i != 0; i >>= 1) {
  +    for (i = pwlen; i != 0; i >>= 1) {
   	if (i & 1) {
   	    ap_MD5Update(&ctx, final, 1);
   	}
  @@ -525,7 +534,7 @@
        * can use the string routines without bounds checking.
        */
       strcpy(passwd, apr1_id);
  -    strncat(passwd, sp, sl);
  +    strncat(passwd, (char *)sp, sl);
       strcat(passwd, "$");
   
       ap_MD5Final(final, &ctx);
  @@ -538,7 +547,7 @@
       for (i = 0; i < 1000; i++) {
   	ap_MD5Init(&ctx1);
   	if (i & 1) {
  -	    ap_MD5Update(&ctx1, pw, strlen(pw));
  +	    ap_MD5Update(&ctx1, pw, pwlen);
   	}
   	else {
   	    ap_MD5Update(&ctx1, final, 16);
  @@ -548,14 +557,14 @@
   	}
   
   	if (i % 7) {
  -	    ap_MD5Update(&ctx1, pw, strlen(pw));
  +	    ap_MD5Update(&ctx1, pw, pwlen);
   	}
   
   	if (i & 1) {
   	    ap_MD5Update(&ctx1, final, 16);
   	}
   	else {
  -	    ap_MD5Update(&ctx1, pw, strlen(pw));
  +	    ap_MD5Update(&ctx1, pw, pwlen);
   	}
   	ap_MD5Final(final,&ctx1);
       }
  @@ -594,7 +603,8 @@
   	/*
   	 * The hash was created using our custom algorithm.
   	 */
  -	ap_MD5Encode(passwd, hash, sample, sizeof(sample));
  +	ap_MD5Encode((const unsigned char *)passwd,
  +		     (const unsigned char *)hash, sample, sizeof(sample));
       }
       else {
   	/*
  
  
  
  1.5       +6 -5      apache-1.3/src/include/ap_md5.h
  
  Index: ap_md5.h
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/include/ap_md5.h,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- ap_md5.h	1999/02/03 16:22:31	1.4
  +++ ap_md5.h	1999/04/08 20:56:39	1.5
  @@ -104,11 +104,12 @@
       unsigned char buffer[64];	/* input buffer */
   } AP_MD5_CTX;
   
  -API_EXPORT(void) ap_MD5Init(AP_MD5_CTX * context);
  -API_EXPORT(void) ap_MD5Update(AP_MD5_CTX * context, const unsigned char *input,
  -			   unsigned int inputLen);
  -API_EXPORT(void) ap_MD5Final(unsigned char digest[16], AP_MD5_CTX * context);
  -API_EXPORT(void) ap_MD5Encode(const char *password, const char *salt,
  +API_EXPORT(void) ap_MD5Init(AP_MD5_CTX *context);
  +API_EXPORT(void) ap_MD5Update(AP_MD5_CTX *context, const unsigned char *input,
  +			      unsigned int inputLen);
  +API_EXPORT(void) ap_MD5Final(unsigned char digest[16], AP_MD5_CTX *context);
  +API_EXPORT(void) ap_MD5Encode(const unsigned char *password,
  +			      const unsigned char *salt,
   			      char *result, size_t nbytes);
   API_EXPORT(char *) ap_validate_password(const char *passwd, const char *hash);
   
  
  
  
  1.257     +1 -1      apache-1.3/src/main/http_core.c
  
  Index: http_core.c
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/main/http_core.c,v
  retrieving revision 1.256
  retrieving revision 1.257
  diff -u -r1.256 -r1.257
  --- http_core.c	1999/03/19 23:54:08	1.256
  +++ http_core.c	1999/04/08 20:56:43	1.257
  @@ -3101,7 +3101,7 @@
   	    AP_MD5_CTX context;
   	    
   	    ap_MD5Init(&context);
  -	    ap_MD5Update(&context, (void *)mm, r->finfo.st_size);
  +	    ap_MD5Update(&context, (void *)mm, (unsigned int)r->finfo.st_size);
   	    ap_table_setn(r->headers_out, "Content-MD5",
   			  ap_md5contextTo64(r->pool, &context));
   	}
  
  
  
  1.18      +3 -3      apache-1.3/src/main/util_md5.c
  
  Index: util_md5.c
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/main/util_md5.c,v
  retrieving revision 1.17
  retrieving revision 1.18
  diff -u -r1.17 -r1.18
  --- util_md5.c	1999/01/01 19:04:53	1.17
  +++ util_md5.c	1999/04/08 20:56:43	1.18
  @@ -100,7 +100,7 @@
        */
   
       ap_MD5Init(&my_md5);
  -    ap_MD5Update(&my_md5, buf, length);
  +    ap_MD5Update(&my_md5, buf, (unsigned int)length);
       ap_MD5Final(hash, &my_md5);
   
       for (i = 0, r = result; i < 16; i++) {
  @@ -114,7 +114,7 @@
   
   API_EXPORT(char *) ap_md5(pool *p, const unsigned char *string)
   {
  -    return ap_md5_binary(p, string, strlen(string));
  +    return ap_md5_binary(p, string, (int) strlen((char *)string));
   }
   
   /* these portions extracted from mpack, John G. Myers - jgm+@cmu.edu */
  @@ -192,7 +192,7 @@
       AP_MD5_CTX context;
       unsigned char buf[1000];
       long length = 0;
  -    int nbytes;
  +    unsigned int nbytes;
   
       ap_MD5Init(&context);
       while ((nbytes = fread(buf, 1, sizeof(buf), infile))) {
  
  
  
  1.25      +2 -1      apache-1.3/src/support/htpasswd.c
  
  Index: htpasswd.c
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/support/htpasswd.c,v
  retrieving revision 1.24
  retrieving revision 1.25
  diff -u -r1.24 -r1.25
  --- htpasswd.c	1999/03/19 21:20:48	1.24
  +++ htpasswd.c	1999/04/08 20:56:44	1.25
  @@ -247,7 +247,8 @@
   
       switch (alg) {
       case ALG_APMD5:
  -	ap_MD5Encode(pw, salt, cpw, sizeof(cpw));
  +	ap_MD5Encode((const unsigned char *)pw, (const unsigned char *)salt,
  +		     cpw, sizeof(cpw));
   	break;
       case ALG_CRYPT:
   	ap_cpystrn(cpw, (char *)crypt(pw, salt), sizeof(cpw) - 1);
  
  
  

Mime
View raw message