httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From minf...@apache.org
Subject svn commit: r1476674 - in /httpd/httpd/branches/2.4.x: ./ CHANGES STATUS support/htpasswd.c support/passwd_common.c
Date Sat, 27 Apr 2013 21:27:44 GMT
Author: minfrin
Date: Sat Apr 27 21:27:43 2013
New Revision: 1476674

URL: http://svn.apache.org/r1476674
Log:
htpasswd/htdbm: Fix hash generation bug. PR 54735

trunk patch: https://svn.apache.org/r1465115

Submitted by: MadMaverick9 <asfbugzilla meinkino.ch>
Reviewed by: sf, covener, minfrin

Modified:
    httpd/httpd/branches/2.4.x/   (props changed)
    httpd/httpd/branches/2.4.x/CHANGES
    httpd/httpd/branches/2.4.x/STATUS
    httpd/httpd/branches/2.4.x/support/htpasswd.c
    httpd/httpd/branches/2.4.x/support/passwd_common.c

Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
  Merged /httpd/httpd/trunk:r1465115

Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1476674&r1=1476673&r2=1476674&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Sat Apr 27 21:27:43 2013
@@ -2,6 +2,8 @@
 
 Changes with Apache 2.4.5
 
+  *) htpasswd, htdbm: Fix password generation. PR 54735. [Stefan Fritsch]
+
   *) core: Add workaround for gcc bug on sparc/64bit. PR 52900.
      [Stefan Fritsch]
 

Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1476674&r1=1476673&r2=1476674&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Sat Apr 27 21:27:43 2013
@@ -95,11 +95,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
       2.4.x patch: trunk patches work
       +1: sf, humbedooh, covener
 
-    * htpasswd/htdbm: Fix hash generation bug. PR 54735
-      trunk patches: https://svn.apache.org/r1465115
-      2.4.x patch: trunk patches work
-      +1: sf, covener, minfrin
-
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]

Modified: httpd/httpd/branches/2.4.x/support/htpasswd.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/support/htpasswd.c?rev=1476674&r1=1476673&r2=1476674&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/support/htpasswd.c (original)
+++ httpd/httpd/branches/2.4.x/support/htpasswd.c Sat Apr 27 21:27:43 2013
@@ -253,7 +253,6 @@ static void check_args(int argc, const c
 int main(int argc, const char * const argv[])
 {
     apr_file_t *fpw = NULL;
-    const char *errstr = NULL;
     char line[MAX_STRING_LEN];
     char *pwfilename = NULL;
     char *user = NULL;
@@ -345,7 +344,7 @@ int main(int argc, const char * const ar
     if (!(mask & APHTP_DELUSER)) {
         i = mkrecord(&ctx, user);
         if (i != 0) {
-            apr_file_printf(errfile, "%s: %s" NL, argv[0], errstr);
+            apr_file_printf(errfile, "%s: %s" NL, argv[0], ctx.errstr);
             exit(i);
         }
         if (mask & APHTP_NOFILE) {

Modified: httpd/httpd/branches/2.4.x/support/passwd_common.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/support/passwd_common.c?rev=1476674&r1=1476673&r2=1476674&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/support/passwd_common.c (original)
+++ httpd/httpd/branches/2.4.x/support/passwd_common.c Sat Apr 27 21:27:43 2013
@@ -113,17 +113,17 @@ void putline(apr_file_t *f, const char *
 
 int get_password(struct passwd_ctx *ctx)
 {
+    char buf[MAX_STRING_LEN + 1];
     if (ctx->passwd_src == PW_STDIN) {
-        char *buf = ctx->out;
         apr_file_t *file_stdin;
         apr_size_t nread;
         if (apr_file_open_stdin(&file_stdin, ctx->pool) != APR_SUCCESS) {
             ctx->errstr = "Unable to read from stdin.";
             return ERR_GENERAL;
         }
-        if (apr_file_read_full(file_stdin, buf, ctx->out_len - 1,
+        if (apr_file_read_full(file_stdin, buf, sizeof(buf) - 1,
                                &nread) != APR_EOF
-            || nread == ctx->out_len - 1) {
+            || nread == sizeof(buf) - 1) {
             goto err_too_long;
         }
         buf[nread] = '\0';
@@ -133,21 +133,24 @@ int get_password(struct passwd_ctx *ctx)
                 buf[nread-2] = '\0';
         }
         apr_file_close(file_stdin);
+        ctx->passwd = apr_pstrdup(ctx->pool, buf);
     }
     else {
-        char buf[MAX_STRING_LEN + 1];
         apr_size_t bufsize = sizeof(buf);
-        if (apr_password_get("New password: ", ctx->out, &ctx->out_len) != 0)
+        if (apr_password_get("New password: ", buf, &bufsize) != 0)
             goto err_too_long;
+        ctx->passwd = apr_pstrdup(ctx->pool, buf);
+        bufsize = sizeof(buf);
+        buf[0] = '\0';
         apr_password_get("Re-type new password: ", buf, &bufsize);
-        if (strcmp(ctx->out, buf) != 0) {
+        if (strcmp(ctx->passwd, buf) != 0) {
             ctx->errstr = "password verification error";
-            memset(ctx->out, '\0', ctx->out_len);
+            memset(ctx->passwd, '\0', strlen(ctx->passwd));
             memset(buf, '\0', sizeof(buf));
             return ERR_PWMISMATCH;
         }
-        memset(buf, '\0', sizeof(buf));
     }
+    memset(buf, '\0', sizeof(buf));
     return 0;
 
 err_too_long:
@@ -164,7 +167,6 @@ err_too_long:
 int mkhash(struct passwd_ctx *ctx)
 {
     char *pw;
-    char pwin[MAX_STRING_LEN];
     char salt[16];
     apr_status_t rv;
     int ret = 0;
@@ -177,14 +179,11 @@ int mkhash(struct passwd_ctx *ctx)
                         "Warning: Ignoring -C argument for this algorithm." NL);
     }
 
-    if (ctx->passwd != NULL) {
-        pw = ctx->passwd;
-    }
-    else {
+    if (ctx->passwd == NULL) {
         if ((ret = get_password(ctx)) != 0)
             return ret;
-        pw = pwin;
     }
+    pw = ctx->passwd;
 
     switch (ctx->alg) {
     case ALG_APSHA:
@@ -224,9 +223,7 @@ int mkhash(struct passwd_ctx *ctx)
 
         apr_cpystrn(ctx->out, cbuf, ctx->out_len - 1);
         if (strlen(pw) > 8) {
-            char *truncpw = strdup(pw);
-            if (truncpw == NULL)
-                abort_on_oom(0);
+            char *truncpw = apr_pstrdup(ctx->pool, pw);
             truncpw[8] = '\0';
             if (!strcmp(ctx->out, crypt(truncpw, salt))) {
                 apr_file_printf(errfile, "Warning: Password truncated to 8 "



Mime
View raw message