httpd-dev mailing list archives

From Thom May <t...@planetarytramp.net>
Subject [1.3 PATCH] add sanity check for htpasswd
Date Fri, 23 May 2003 12:18:02 GMT
Any objections to backporting this one to 1.3?
It's not quite the same, but to get the operation exactly the same would
require some fairly major changes in the program flow and I wasn't convinced
that would be a good thing.
-T


Index: htpasswd.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/support/htpasswd.c,v
retrieving revision 1.46
diff -u -u -r1.46 htpasswd.c
--- htpasswd.c	3 Feb 2003 17:13:37 -0000	1.46
+++ htpasswd.c	23 May 2003 12:02:23 -0000
@@ -78,6 +78,7 @@
  *  5: Failure; buffer would overflow (username, filename, or computed
  *     record too long)
  *  6: Failure; username contains illegal or reserved characters
+ *  7: Failure; file is not a valid htpasswd file
  */
 
 #include "ap_config.h"
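
Review bot: the exit-code text for 7, "file is not a valid htpasswd file", promises more than the check does. The test added further down only fires when a line has no colon, so a file with colons but otherwise bad records still passes. Consider wording the comment to match, for example "file contains a line with no colon and does not look like an htpasswd file".
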
@@ -120,6 +121,7 @@
 #define ERR_INTERRUPTED 4
 #define ERR_OVERFLOW 5
 #define ERR_BADUSER 6
+#define ERR_INVALID 7
 
 /*
  * This needs to be declared statically so the signal handler can
@@ -605,6 +607,18 @@
 	    if (colon != NULL) {
 		*colon = '\0';
 	    }
+            else {
+                /*
+                 * If we've not got a colon on the line, this could well 
+                 * not be a valid htpasswd file.
+                 * We should bail at this point.
+                 */
+                fprintf(stderr, "\n%s: the file %s does not appear to be "
+                                "to be a valid htpasswd file.\n",
+                        argv[0], pwfilename);
+                fclose(fpw);
+                exit(ERR_INVALID);
+            }
 	    if (strcmp(user, scratch) != 0) {
 		putline(ftemp, line);
 		continue;
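
Review bot: the new else branch exits after only fclose(fpw), while ftemp, which the surrounding loop writes through putline(ftemp, line), is neither closed nor removed on this path. Unless cleanup of the temporary file is handled somewhere outside these lines, a partial copy of the password file is left behind on every ERR_INVALID exit; close and unlink it before calling exit(). Two smaller points in the same branch: the adjacent string literals concatenate to "does not appear to be to be a valid htpasswd file", so drop one "to be", and the added lines are indented with spaces where the surrounding context uses tabs.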