httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Life is hard, and then you die." <ron...@innovation.ch>
Subject Re: [Bug] htpasswd SHA doean't work (was: real 1.3.9 status)
Date Sun, 15 Aug 1999 19:56:03 GMT

> Out of curiosity, I tried the new password hashing schemes.
> And, no: the htpasswd does NOT work for me (mips-siemens-svr4).
[snip]
> With md5, I tried
>     % htpasswd -b -m .htpasswd basicmd5 martin
> the file .htpasswd contains:
>     basicmd5:$apr1CJw1iXyQ.kpymMHqZ3Cvk.
> looks better --  but doesn't work:
> [Sun Aug 15 21:04:36 1999] [error] [client 139.25.105.238] user basicmd5: authentication
failure for "/~martin/secret/rini.ps": password mismatch
> Even when supplying the correct password "martin".

Yah, same problem here:

Index: ap_md5c.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/ap/ap_md5c.c,v
retrieving revision 1.30
diff -u -r1.30 ap_md5c.c
--- ap_md5c.c   1999/08/14 09:31:04     1.30
+++ ap_md5c.c   1999/08/15 19:55:17
@@ -527,8 +527,8 @@
      * Now make the output string.  We know our limitations, so we
      * can use the string routines without bounds checking.
      */
-    ap_cpystrn(passwd, AP_MD5PW_ID, AP_MD5PW_IDLEN);
-    ap_cpystrn(passwd + AP_MD5PW_IDLEN, (char *)sp, sl);
+    ap_cpystrn(passwd, AP_MD5PW_ID, AP_MD5PW_IDLEN + 1);
+    ap_cpystrn(passwd + AP_MD5PW_IDLEN, (char *)sp, sl + 1);
     passwd[AP_MD5PW_IDLEN + sl]     = '$';
     passwd[AP_MD5PW_IDLEN + sl + 1] = '\0';
 


  Cheers,

  Ronald


Mime
View raw message