httpd-dev mailing list archives

From Thom May <t...@planetarytramp.net>
Subject [PATCH] htpasswd: sanity check the passwd file
Date Tue, 02 Jul 2002 22:28:01 GMT
This patch adds some sanity checking to ensure we don't blow away a file
that is not a htpasswd file.
-- 
Thom May -> thom@planetarytramp.net

Memes don't exist.
Tell your friends.
	--NTK


Index: support/htpasswd.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/support/htpasswd.c,v
retrieving revision 1.50
diff -u -u -r1.50 htpasswd.c
--- support/htpasswd.c	2 Jul 2002 19:48:38 -0000	1.50
+++ support/htpasswd.c	2 Jul 2002 22:22:40 -0000
@@ -77,6 +77,7 @@
  *  5: Failure; buffer would overflow (username, filename, or computed
  *     record too long)
  *  6: Failure; username contains illegal or reserved characters
+ *  7: Failure; file is not a valid htpasswd file
  */
 
 #include "apr.h"
@@ -133,6 +134,7 @@
 #define ERR_INTERRUPTED 4
 #define ERR_OVERFLOW 5
 #define ERR_BADUSER 6
+#define ERR_INVALID 7
 
 #define APHTP_NEWFILE        1
 #define APHTP_NOFILE         2
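Review bot: ERR_INVALID does not say what is invalid, while its neighbour ERR_BADUSER names the thing at fault. A name along the lines of ERR_BADFILE would make the exit() call site in the later hunk self-explanatory.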
@@ -584,6 +586,18 @@
             if (colon != NULL) {
                 *colon = '\0';
             }
+            else {
+                /*
+                 * If we've not got a colon on the line, this could well 
+                 * not be a valid htpasswd file.
+                 * We should bail at this point.
+                 */
+                apr_file_printf(errfile, "\n%s: The file %s does not appear "
+                                         "to be a valid htpasswd file.\n",
+                                argv[0], pwfilename);
+                apr_file_close(fpw);
+                exit(ERR_INVALID);
+            }
             if (strcmp(user, scratch) != 0) {
                 putline(ftemp, line);
                 continue;
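Review bot: the new else branch exits after closing only fpw, but ftemp, which the unchanged putline(ftemp, line) call just below writes to, is still open and its temporary file is left behind; close and remove it before exit(ERR_INVALID). The test also rejects any line that lacks a colon, so if blank or comment lines can reach this point a legitimate password file would be refused, and a file of some other kind whose lines all happen to contain a colon still passes. The comment should state both limits so the check is not read as stronger than it is.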
