diff options
| author | Stefan Fritsch <sf@apache.org> | 2013-04-05 20:15:15 +0000 |
|---|---|---|
| committer | Stefan Fritsch <sf@apache.org> | 2013-04-05 20:15:15 +0000 |
| commit | e84335b00da02b4b85031dcd029a4cdbe0492e1a (patch) | |
| tree | 8c7696f3b719b3acea28b4c9473d6c6205b7454d /support/passwd_common.c | |
| parent | 52b220298db98de2059545c4713ff61202c7e971 (diff) | |
| download | httpd-e84335b00da02b4b85031dcd029a4cdbe0492e1a.tar.gz | |
fix htpasswd/htdbm brown paper bag bugs
- use the correct string to generate the hash from. PR 54735
- print error message instead of empty string
while there, replace strdup + check for oom with apr_pstrdup
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1465115 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'support/passwd_common.c')
| -rw-r--r-- | support/passwd_common.c | 31 |
1 files changed, 14 insertions, 17 deletions
diff --git a/support/passwd_common.c b/support/passwd_common.c index 7636835902..95612b70c3 100644 --- a/support/passwd_common.c +++ b/support/passwd_common.c @@ -113,17 +113,17 @@ void putline(apr_file_t *f, const char *l) int get_password(struct passwd_ctx *ctx) { + char buf[MAX_STRING_LEN + 1]; if (ctx->passwd_src == PW_STDIN) { - char *buf = ctx->out; apr_file_t *file_stdin; apr_size_t nread; if (apr_file_open_stdin(&file_stdin, ctx->pool) != APR_SUCCESS) { ctx->errstr = "Unable to read from stdin."; return ERR_GENERAL; } - if (apr_file_read_full(file_stdin, buf, ctx->out_len - 1, + if (apr_file_read_full(file_stdin, buf, sizeof(buf) - 1, &nread) != APR_EOF - || nread == ctx->out_len - 1) { + || nread == sizeof(buf) - 1) { goto err_too_long; } buf[nread] = '\0'; @@ -133,21 +133,24 @@ int get_password(struct passwd_ctx *ctx) buf[nread-2] = '\0'; } apr_file_close(file_stdin); + ctx->passwd = apr_pstrdup(ctx->pool, buf); } else { - char buf[MAX_STRING_LEN + 1]; apr_size_t bufsize = sizeof(buf); - if (apr_password_get("New password: ", ctx->out, &ctx->out_len) != 0) + if (apr_password_get("New password: ", buf, &bufsize) != 0) goto err_too_long; + ctx->passwd = apr_pstrdup(ctx->pool, buf); + bufsize = sizeof(buf); + buf[0] = '\0'; apr_password_get("Re-type new password: ", buf, &bufsize); - if (strcmp(ctx->out, buf) != 0) { + if (strcmp(ctx->passwd, buf) != 0) { ctx->errstr = "password verification error"; - memset(ctx->out, '\0', ctx->out_len); + memset(ctx->passwd, '\0', strlen(ctx->passwd)); memset(buf, '\0', sizeof(buf)); return ERR_PWMISMATCH; } - memset(buf, '\0', sizeof(buf)); } + memset(buf, '\0', sizeof(buf)); return 0; err_too_long: @@ -164,7 +167,6 @@ err_too_long: int mkhash(struct passwd_ctx *ctx) { char *pw; - char pwin[MAX_STRING_LEN]; char salt[16]; apr_status_t rv; int ret = 0; @@ -177,14 +179,11 @@ int mkhash(struct passwd_ctx *ctx) "Warning: Ignoring -C argument for this algorithm." NL); } - if (ctx->passwd != NULL) { - pw = ctx->passwd; - } - else { + if (ctx->passwd == NULL) { if ((ret = get_password(ctx)) != 0) return ret; - pw = pwin; } + pw = ctx->passwd; switch (ctx->alg) { case ALG_APSHA: @@ -224,9 +223,7 @@ int mkhash(struct passwd_ctx *ctx) apr_cpystrn(ctx->out, cbuf, ctx->out_len - 1); if (strlen(pw) > 8) { - char *truncpw = strdup(pw); - if (truncpw == NULL) - abort_on_oom(0); + char *truncpw = apr_pstrdup(ctx->pool, pw); truncpw[8] = '\0'; if (!strcmp(ctx->out, crypt(truncpw, salt))) { apr_file_printf(errfile, "Warning: Password truncated to 8 " |