66 lines
1.9 KiB
Diff
66 lines
1.9 KiB
Diff
# ./pullrev.sh 1346905
|
|
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=818684
|
|
|
|
http://svn.apache.org/viewvc?view=revision&revision=1346905
|
|
|
|
--- httpd-2.4.2/support/htdbm.c
|
|
+++ httpd-2.4.2/support/htdbm.c
|
|
@@ -288,6 +288,9 @@
|
|
{
|
|
char cpw[MAX_STRING_LEN];
|
|
char salt[9];
|
|
+#if (!(defined(WIN32) || defined(NETWARE)))
|
|
+ char *cbuf;
|
|
+#endif
|
|
|
|
switch (htdbm->alg) {
|
|
case ALG_APSHA:
|
|
@@ -315,7 +318,15 @@
|
|
(void) srand((int) time((time_t *) NULL));
|
|
to64(&salt[0], rand(), 8);
|
|
salt[8] = '\0';
|
|
- apr_cpystrn(cpw, crypt(htdbm->userpass, salt), sizeof(cpw) - 1);
|
|
+ cbuf = crypt(htdbm->userpass, salt);
|
|
+ if (cbuf == NULL) {
|
|
+ char errbuf[128];
|
|
+
|
|
+ fprintf(stderr, "crypt() failed: %s\n",
|
|
+ apr_strerror(errno, errbuf, sizeof errbuf));
|
|
+ exit(ERR_PWMISMATCH);
|
|
+ }
|
|
+ apr_cpystrn(cpw, cbuf, sizeof(cpw) - 1);
|
|
fprintf(stderr, "CRYPT is now deprecated, use MD5 instead!\n");
|
|
#endif
|
|
default:
|
|
--- httpd-2.4.2/support/htpasswd.c
|
|
+++ httpd-2.4.2/support/htpasswd.c
|
|
@@ -174,6 +174,9 @@
|
|
char pwv[MAX_STRING_LEN];
|
|
char salt[9];
|
|
apr_size_t bufsize;
|
|
+#if CRYPT_ALGO_SUPPORTED
|
|
+ char *cbuf;
|
|
+#endif
|
|
|
|
if (passwd != NULL) {
|
|
pw = passwd;
|
|
@@ -226,7 +229,16 @@
|
|
to64(&salt[0], rand(), 8);
|
|
salt[8] = '\0';
|
|
|
|
- apr_cpystrn(cpw, crypt(pw, salt), sizeof(cpw) - 1);
|
|
+ cbuf = crypt(pw, salt);
|
|
+ if (cbuf == NULL) {
|
|
+ char errbuf[128];
|
|
+
|
|
+ apr_snprintf(record, rlen-1, "crypt() failed: %s",
|
|
+ apr_strerror(errno, errbuf, sizeof errbuf));
|
|
+ return ERR_PWMISMATCH;
|
|
+ }
|
|
+
|
|
+ apr_cpystrn(cpw, cbuf, sizeof(cpw) - 1);
|
|
if (strlen(pw) > 8) {
|
|
char *truncpw = strdup(pw);
|
|
truncpw[8] = '\0';
|