httpd-dev mailing list archives

From Andrew Wilson <awil...@hyperreal.com>
Subject bug: mod_auth.c mistreats data after password (fwd)
Date Wed, 31 Jan 1996 03:26:19 GMT
Acked.  I thought that the .htpasswd file only took 2 fields.
Since when has there ever been other stuff?  Shout if you want me
to reroll this patch and upload it.

> From stout@tardis.et.tudelft.nl  Mon Jan 29 05:47:07 1996
> From: stout@tardis.et.tudelft.nl (Rob Stout)
> Message-Id: <199601291346.OAA10660@tardis.et.tudelft.nl>
> Subject: bug: mod_auth.c mistreats data after password
> To: apache-bugs@apache.org
> Date: Mon, 29 Jan 1996 14:46:44 +0100 (MET)
> X-Mailer: ELM [version 2.4 PL25]
> MIME-Version: 1.0
> Content-Type: text/plain; charset=ISO-8859-1
> Content-Transfer-Encoding: 7bit
> Content-Length: 1483      
> 
> Hello,
> 
> Unlike mod_auth_dbm.c, mod_auth.c mistreats data after password.
>   me:H9y4/kmFYiMj2
> will work, but:
>   me:H9y4/kmFYiMj2:other stuff
> doesn't.
> I simply copied three lines from mod_auth_dbm.c to fix this bug.
> A patchfile is at the end of this message.
> Thanx for providing Apache, bye,
>                                         Rob.
> --
> stout@duteca.et.tudelft.nl -- +31 15 2625214 or +31 65 9297915
> <a href = "http://einstein.et.tudelft.nl/~stout/index.html"> About me </a>
> 
> --- mod_auth.c.orig	Mon Jan 29 14:27:28 1996
> +++ mod_auth.c	Mon Jan 29 14:32:54 1996
> @@ -58,6 +58,10 @@
>   * Rob McCool
>   * 
>   * Adapted to Shambhala by rst.
> + *
> + * Change log:
> + * 15.Dec.95 Now allows a colon and more following the password
> + *           (copied from mod_auth_dbm.c) stout@duteca.et.tudelft.nl
>   */
>  
>  #include "httpd.h"
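Review bot: The change-log entry added to the header comment says a colon and more is allowed after the password, but it does not say that everything after that colon is discarded rather than parsed, so a reader of the header alone cannot tell what the extra fields are for. Suggest wording it as "text after a second colon is ignored". The entry is also dated 15.Dec.95 while the diff timestamps are 29 Jan 1996; use whichever date the change was actually made.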
> @@ -161,7 +165,7 @@
>      auth_config_rec *sec =
>        (auth_config_rec *)get_module_config (r->per_dir_config, &auth_module);
>      conn_rec *c = r->connection;
> -    char *sent_pw, *real_pw;
> +    char *sent_pw, *real_pw, *colon_pw;
>      char errstr[MAX_STRING_LEN];
>      int res;
>      
> @@ -176,6 +180,9 @@
>  	note_basic_auth_failure (r);
>  	return AUTH_REQUIRED;
>      }
> +    /* Password is up to first : if exists */
> +    colon_pw = strchr(real_pw,':');
> +    if (colon_pw) *colon_pw='\0';   
>      /* anyone know where the prototype for crypt is? */
>      if(strcmp(real_pw,(char *)crypt(sent_pw,real_pw))) {
>          sprintf(errstr,"user %s: password mismatch",c->user);
> 
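Review bot: Missing check after the truncation at `if (colon_pw) *colon_pw='\0';`: when the stored field begins with a colon, real_pw becomes an empty string and is then passed to crypt() as the salt, and the return value goes straight into strcmp(). Suggest treating an empty real_pw as a failed lookup and taking the same note_basic_auth_failure / AUTH_REQUIRED path as the block just above, before crypt() is called. Two smaller points: the write goes through real_pw into whatever buffer the lookup returned, so confirm that buffer is a per-request copy, and strchr() needs a visible prototype from <string.h>, given that the neighbouring comment already notes crypt() has none. The added line also carries trailing whitespace.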

