diff options
Diffstat (limited to 'httpd-2.4.2-r1346905.patch')
| -rw-r--r-- | httpd-2.4.2-r1346905.patch | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/httpd-2.4.2-r1346905.patch b/httpd-2.4.2-r1346905.patch new file mode 100644 index 0000000..e94558e --- /dev/null +++ b/httpd-2.4.2-r1346905.patch @@ -0,0 +1,65 @@ +# ./pullrev.sh 1346905 + +https://bugzilla.redhat.com/show_bug.cgi?id=818684 + +http://svn.apache.org/viewvc?view=revision&revision=1346905 + +--- httpd-2.4.2/support/htdbm.c ++++ httpd-2.4.2/support/htdbm.c +@@ -288,6 +288,9 @@ + { + char cpw[MAX_STRING_LEN]; + char salt[9]; ++#if (!(defined(WIN32) || defined(NETWARE))) ++ char *cbuf; ++#endif + + switch (htdbm->alg) { + case ALG_APSHA: +@@ -315,7 +318,15 @@ + (void) srand((int) time((time_t *) NULL)); + to64(&salt[0], rand(), 8); + salt[8] = '\0'; +- apr_cpystrn(cpw, crypt(htdbm->userpass, salt), sizeof(cpw) - 1); ++ cbuf = crypt(htdbm->userpass, salt); ++ if (cbuf == NULL) { ++ char errbuf[128]; ++ ++ fprintf(stderr, "crypt() failed: %s\n", ++ apr_strerror(errno, errbuf, sizeof errbuf)); ++ exit(ERR_PWMISMATCH); ++ } ++ apr_cpystrn(cpw, cbuf, sizeof(cpw) - 1); + fprintf(stderr, "CRYPT is now deprecated, use MD5 instead!\n"); + #endif + default: +--- httpd-2.4.2/support/htpasswd.c ++++ httpd-2.4.2/support/htpasswd.c +@@ -174,6 +174,9 @@ + char pwv[MAX_STRING_LEN]; + char salt[9]; + apr_size_t bufsize; ++#if CRYPT_ALGO_SUPPORTED ++ char *cbuf; ++#endif + + if (passwd != NULL) { + pw = passwd; +@@ -226,7 +229,16 @@ + to64(&salt[0], rand(), 8); + salt[8] = '\0'; + +- apr_cpystrn(cpw, crypt(pw, salt), sizeof(cpw) - 1); ++ cbuf = crypt(pw, salt); ++ if (cbuf == NULL) { ++ char errbuf[128]; ++ ++ apr_snprintf(record, rlen-1, "crypt() failed: %s", ++ apr_strerror(errno, errbuf, sizeof errbuf)); ++ return ERR_PWMISMATCH; ++ } ++ ++ apr_cpystrn(cpw, cbuf, sizeof(cpw) - 1); + if (strlen(pw) > 8) { + char *truncpw = strdup(pw); + truncpw[8] = '\0'; |