path: root/httpd-2.4.2-r1346905.patch
# ./pullrev.sh 1346905

https://bugzilla.redhat.com/show_bug.cgi?id=818684

http://svn.apache.org/viewvc?view=revision&revision=1346905

--- httpd-2.4.2/support/htdbm.c
+++ httpd-2.4.2/support/htdbm.c
@@ -288,6 +288,9 @@
 {
     char cpw[MAX_STRING_LEN];
     char salt[9];
+#if (!(defined(WIN32) || defined(NETWARE)))
+    char *cbuf;
+#endif
 
     switch (htdbm->alg) {
         case ALG_APSHA:
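Review bot: The `cbuf` declaration is guarded by `#if (!(defined(WIN32) || defined(NETWARE)))`, but the `#if` that opens the block where it is assigned lies outside the visible hunks (only its `#endif` appears), so the two conditions can drift apart unnoticed. A short comment on the declaration, such as `/* used only in the crypt() branch below; keep this guard identical to that branch's #if */`, would make the coupling explicit. The same applies to the `#if CRYPT_ALGO_SUPPORTED` declaration in htpasswd.c. The enclosing function starts and ends outside this hunk.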
@@ -315,7 +318,15 @@
             (void) srand((int) time((time_t *) NULL));
             to64(&salt[0], rand(), 8);
             salt[8] = '\0';
-            apr_cpystrn(cpw, crypt(htdbm->userpass, salt), sizeof(cpw) - 1);
+            cbuf = crypt(htdbm->userpass, salt);
+            if (cbuf == NULL) {
+                char errbuf[128];
+                
+                fprintf(stderr, "crypt() failed: %s\n", 
+                        apr_strerror(errno, errbuf, sizeof errbuf));
+                exit(ERR_PWMISMATCH);
+            }
+            apr_cpystrn(cpw, cbuf, sizeof(cpw) - 1);
             fprintf(stderr, "CRYPT is now deprecated, use MD5 instead!\n");
 #endif
         default:
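Review bot: Checking only `cbuf == NULL` misses crypt() implementations that report failure by returning an invalid hash beginning with `*` instead of a null pointer (libxcrypt documents this as a build-time option). In that case the failure token would be copied into `cpw` and stored as the password hash. Consider `if (cbuf == NULL || cbuf[0] == '*') {` here and in the matching check in htpasswd.c. The error path also reads `errno`, which presumably relies on `<errno.h>` already being included in this file; that is not visible in the hunk. The enclosing function starts and ends outside this hunk.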
--- httpd-2.4.2/support/htpasswd.c
+++ httpd-2.4.2/support/htpasswd.c
@@ -174,6 +174,9 @@
     char pwv[MAX_STRING_LEN];
     char salt[9];
     apr_size_t bufsize;
+#if CRYPT_ALGO_SUPPORTED
+    char *cbuf;
+#endif
 
     if (passwd != NULL) {
         pw = passwd;
@@ -226,7 +229,16 @@
         to64(&salt[0], rand(), 8);
         salt[8] = '\0';
 
-        apr_cpystrn(cpw, crypt(pw, salt), sizeof(cpw) - 1);
+        cbuf = crypt(pw, salt);
+        if (cbuf == NULL) {
+            char errbuf[128];
+
+            apr_snprintf(record, rlen-1, "crypt() failed: %s", 
+                         apr_strerror(errno, errbuf, sizeof errbuf));
+            return ERR_PWMISMATCH;
+        }
+
+        apr_cpystrn(cpw, cbuf, sizeof(cpw) - 1);
         if (strlen(pw) > 8) {
             char *truncpw = strdup(pw);
             truncpw[8] = '\0';
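Review bot: Returning `ERR_PWMISMATCH` for a crypt() failure makes it indistinguishable, to anything that scripts on the exit status, from a user mistyping the confirmation password; the same code is passed to `exit()` in the htdbm.c hunk. A dedicated status, or at least a comment such as `/* no dedicated code for crypt() failure; reusing ERR_PWMISMATCH */`, would document the choice. This early return also leaves the function before whatever clean-up of the plaintext password buffers the normal path performs, if any. The rest of the function is outside this hunk, so that needs confirming.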