httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From wr...@apache.org
Subject svn commit: r1375698 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS support/htdbm.c support/htpasswd.c
Date Tue, 21 Aug 2012 17:51:33 GMT
Author: wrowe
Date: Tue Aug 21 17:51:32 2012
New Revision: 1375698

URL: http://svn.apache.org/viewvc?rev=1375698&view=rev
Log:
* htdbm/htpasswd: fix handling of crypt() failures.


Backports: r1346905
Submitted by: Paul Wouters <pwouters redhat.com>, jorton
Reviewed by: rjung, trawick, wrowe


Modified:
    httpd/httpd/branches/2.2.x/CHANGES
    httpd/httpd/branches/2.2.x/STATUS
    httpd/httpd/branches/2.2.x/support/htdbm.c
    httpd/httpd/branches/2.2.x/support/htpasswd.c

Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=1375698&r1=1375697&r2=1375698&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Tue Aug 21 17:51:32 2012
@@ -10,6 +10,9 @@ Changes with Apache 2.2.23
      possible XSS for a site where untrusted users can upload files to
      a location with MultiViews enabled. [Niels Heinen <heinenn google.com>]
 
+  *) htdbm, htpasswd: Don't crash if crypt() fails (e.g. with FIPS enabled). 
+     [Paul Wouters <pwouters redhat.com>, Joe Orton]
+
   *) mod_ldap: Treat the "server unavailable" condition as a transient
      error with all LDAP SDKs. [Filip Valder <filip.valder vsb.cz>]
 

Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1375698&r1=1375697&r2=1375698&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Tue Aug 21 17:51:32 2012
@@ -93,11 +93,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-   * htdbm/htpasswd: fix handling of crypt() failures.
-     trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1346905
-     2.4.x patch: http://svn.apache.org/viewvc?view=revision&revision=1356887
-     2.2.x patch: http://people.apache.org/~rjung/patches/htdbm-htpasswd-handling_crypt_failure-2_2.patch
-     +1: rjung, trawick, wrowe
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]

Modified: httpd/httpd/branches/2.2.x/support/htdbm.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/support/htdbm.c?rev=1375698&r1=1375697&r2=1375698&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/support/htdbm.c (original)
+++ httpd/httpd/branches/2.2.x/support/htdbm.c Tue Aug 21 17:51:32 2012
@@ -288,6 +288,9 @@ static apr_status_t htdbm_make(htdbm_t *
 {
     char cpw[MAX_STRING_LEN];
     char salt[9];
+#if (!(defined(WIN32) || defined(NETWARE)))
+    char *cbuf;
+#endif
 
     switch (htdbm->alg) {
         case ALG_APSHA:
@@ -315,7 +318,15 @@ static apr_status_t htdbm_make(htdbm_t *
             (void) srand((int) time((time_t *) NULL));
             to64(&salt[0], rand(), 8);
             salt[8] = '\0';
-            apr_cpystrn(cpw, (char *)crypt(htdbm->userpass, salt), sizeof(cpw) - 1);
+            cbuf = crypt(htdbm->userpass, salt);
+            if (cbuf == NULL) {
+                char errbuf[128];
+                
+                fprintf(stderr, "crypt() failed: %s\n", 
+                        apr_strerror(errno, errbuf, sizeof errbuf));
+                exit(ERR_PWMISMATCH);
+            }
+            apr_cpystrn(cpw, cbuf, sizeof(cpw) - 1);
             fprintf(stderr, "CRYPT is now deprecated, use MD5 instead!\n");
 #endif
         default:

Modified: httpd/httpd/branches/2.2.x/support/htpasswd.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/support/htpasswd.c?rev=1375698&r1=1375697&r2=1375698&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/support/htpasswd.c (original)
+++ httpd/httpd/branches/2.2.x/support/htpasswd.c Tue Aug 21 17:51:32 2012
@@ -166,6 +166,9 @@ static int mkrecord(char *user, char *re
     char pwv[MAX_STRING_LEN];
     char salt[9];
     apr_size_t bufsize;
+#if (!(defined(WIN32) || defined(NETWARE)))
+    char *cbuf;
+#endif
 
     if (passwd != NULL) {
         pw = passwd;
@@ -218,7 +221,16 @@ static int mkrecord(char *user, char *re
         to64(&salt[0], rand(), 8);
         salt[8] = '\0';
 
-        apr_cpystrn(cpw, crypt(pw, salt), sizeof(cpw) - 1);
+        cbuf = crypt(pw, salt);
+        if (cbuf == NULL) {
+            char errbuf[128];
+
+            apr_snprintf(record, rlen-1, "crypt() failed: %s", 
+                         apr_strerror(errno, errbuf, sizeof errbuf));
+            return ERR_PWMISMATCH;
+        }
+
+        apr_cpystrn(cpw, cbuf, sizeof(cpw) - 1);
         if (strlen(pw) > 8) {
             char *truncpw = strdup(pw);
             truncpw[8] = '\0';



Mime
View raw message