httpd-cvs mailing list archives

From thom...@apache.org
Subject cvs commit: httpd-2.0/support htpasswd.c
Date Tue, 13 May 2003 17:18:39 GMT
thommay     2003/05/13 10:18:39

  Modified:    .        Tag: APACHE_2_0_BRANCH CHANGES STATUS
               support  Tag: APACHE_2_0_BRANCH htpasswd.c
  Log:
  backport a sanity check for htpasswd - verify that the line contains exactly
  one colon, otherwise bail out.
  
  Revision  Changes    Path
  No                   revision
  
  
  No                   revision
  
  
  1.988.2.92 +4 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.988.2.91
  retrieving revision 1.988.2.92
  diff -u -r1.988.2.91 -r1.988.2.92
  --- CHANGES	13 May 2003 16:53:04 -0000	1.988.2.91
  +++ CHANGES	13 May 2003 17:18:38 -0000	1.988.2.92
  @@ -1,5 +1,9 @@
   Changes with Apache 2.0.46
   
  +  *) htpasswd: Check the processed file on validity. If a line is not empty
  +     and not a comment, it must contain at least one colon. Otherwise exit
  +     with error code 7. [Kris Verbeeck <Kris.Verbeeck@ubizen.com>, Thom May]
  +
     *) Fix a problem that caused httpd to be linked with incorrect flags
        on some platforms when mod_so was enabled by default, breaking 
        DSOs on AIX.  PR 19012  [Jeff Trawick]
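Review bot: The new CHANGES entry says a line "must contain at least one colon", while the commit log says "exactly one colon". The htpasswd.c change only tests whether strchr(scratch, ':') returns NULL, so "at least one" is what is enforced and a line with several colons is still accepted. The log and the entry should agree on which rule is meant. The first sentence would also read better as "Check the validity of the processed file", which is the wording the STATUS entry used.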
  
  
  
  1.751.2.259 +1 -5      httpd-2.0/STATUS
  
  Index: STATUS
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/STATUS,v
  retrieving revision 1.751.2.258
  retrieving revision 1.751.2.259
  diff -u -r1.751.2.258 -r1.751.2.259
  --- STATUS	13 May 2003 17:00:45 -0000	1.751.2.258
  +++ STATUS	13 May 2003 17:18:38 -0000	1.751.2.259
  @@ -220,10 +220,6 @@
         docs/conf/httpd-win.conf: r1.85
         +1: nd, trawick, stoddard
   
  -    * Check the validity of the processed htpassword file. If a line is 
  -      not empty and not a comment, it must contain at least one colon.
  -      support/htpasswd.c: r1.69
  -      +1: thommay, nd, trawick
   
       * Ensure that ssl-std.conf is generated at configure time, and switch
         to using the expanded config variables to work the same as 
  
  
  
  No                   revision
  
  
  No                   revision
  
  
  1.67.2.2  +14 -0     httpd-2.0/support/htpasswd.c
  
  Index: htpasswd.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/support/htpasswd.c,v
  retrieving revision 1.67.2.1
  retrieving revision 1.67.2.2
  diff -u -r1.67.2.1 -r1.67.2.2
  --- htpasswd.c	3 Feb 2003 17:32:09 -0000	1.67.2.1
  +++ htpasswd.c	13 May 2003 17:18:39 -0000	1.67.2.2
  @@ -77,6 +77,7 @@
    *  5: Failure; buffer would overflow (username, filename, or computed
    *     record too long)
    *  6: Failure; username contains illegal or reserved characters
  + *  7: Failure; file is not a valid htpasswd file
    */
   
   #include "apr.h"
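Review bot: Exit status 7 is documented only in this source comment. The Modified list for this commit names CHANGES, STATUS and htpasswd.c, so any user-facing list of htpasswd exit codes outside the source file still stops at 6. If such a list exists (manual page or usage text), it should be updated in the same backport so that scripts testing the exit status can rely on the new value.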
  @@ -133,6 +134,7 @@
   #define ERR_INTERRUPTED 4
   #define ERR_OVERFLOW 5
   #define ERR_BADUSER 6
  +#define ERR_INVALID 7
   
   #define APHTP_NEWFILE        1
   #define APHTP_NOFILE         2
  @@ -577,6 +579,18 @@
               colon = strchr(scratch, ':');
               if (colon != NULL) {
                   *colon = '\0';
  +            }
  +            else {
  +                /*
  +                 * If we've not got a colon on the line, this could well 
  +                 * not be a valid htpasswd file.
  +                 * We should bail at this point.
  +                 */
  +                apr_file_printf(errfile, "\n%s: The file %s does not appear "
  +                                         "to be a valid htpasswd file.\n",
  +                                argv[0], pwfilename);
  +                apr_file_close(fpw);
  +                exit(ERR_INVALID);
               }
               if (strcmp(user, scratch) != 0) {
                   putline(ftemp, line);
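Review bot: The new else branch closes fpw and calls exit(ERR_INVALID), but ftemp, which this loop writes to with putline(ftemp, line), is neither closed nor removed on that path. Unless cleanup happens somewhere outside this hunk, a partial temporary copy of the password file, hashes included, stays on disk every time the check fires. Suggest closing and deleting the temporary file before exiting, next to the apr_file_close(fpw) call.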
  
  
  
