diff options
| author | Joe Orton <jorton@apache.org> | 2012-06-06 14:20:27 +0000 |
|---|---|---|
| committer | Joe Orton <jorton@apache.org> | 2012-06-06 14:20:27 +0000 |
| commit | 658147f2d27439282dd44b601439d2e7672612e7 (patch) | |
| tree | a20a2ce7fdcf9cf17294d4d27a340c8478f64d39 /support | |
| parent | 9bb78757f28228e04d0bece3f1b28b6eb6b885b8 (diff) | |
| download | httpd-658147f2d27439282dd44b601439d2e7672612e7.tar.gz | |
* support/htpasswd.c (mkrecord): Handle crypt() failure.
* support/htdbm.c (htdbm_make): Handle crypt() failure.
Submitted by: Paul Wouters <pwouters redhat.com>, jorton
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1346905 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'support')
| -rw-r--r-- | support/htdbm.c | 13 | ||||
| -rw-r--r-- | support/htpasswd.c | 14 |
2 files changed, 25 insertions, 2 deletions
diff --git a/support/htdbm.c b/support/htdbm.c index f9a02bd49c..4898ed8c18 100644 --- a/support/htdbm.c +++ b/support/htdbm.c @@ -288,6 +288,9 @@ static apr_status_t htdbm_make(htdbm_t *htdbm) { char cpw[MAX_STRING_LEN]; char salt[9]; +#if (!(defined(WIN32) || defined(NETWARE))) + char *cbuf; +#endif switch (htdbm->alg) { case ALG_APSHA: @@ -315,7 +318,15 @@ static apr_status_t htdbm_make(htdbm_t *htdbm) (void) srand((int) time((time_t *) NULL)); to64(&salt[0], rand(), 8); salt[8] = '\0'; - apr_cpystrn(cpw, crypt(htdbm->userpass, salt), sizeof(cpw) - 1); + cbuf = crypt(htdbm->userpass, salt); + if (cbuf == NULL) { + char errbuf[128]; + + fprintf(stderr, "crypt() failed: %s\n", + apr_strerror(errno, errbuf, sizeof errbuf)); + exit(ERR_PWMISMATCH); + } + apr_cpystrn(cpw, cbuf, sizeof(cpw) - 1); fprintf(stderr, "CRYPT is now deprecated, use MD5 instead!\n"); #endif default: diff --git a/support/htpasswd.c b/support/htpasswd.c index f67076fffc..16e55a0630 100644 --- a/support/htpasswd.c +++ b/support/htpasswd.c @@ -174,6 +174,9 @@ static int mkrecord(char *user, char *record, apr_size_t rlen, char *passwd, char pwv[MAX_STRING_LEN]; char salt[9]; apr_size_t bufsize; +#if CRYPT_ALGO_SUPPORTED + char *cbuf; +#endif if (passwd != NULL) { pw = passwd; @@ -226,7 +229,16 @@ static int mkrecord(char *user, char *record, apr_size_t rlen, char *passwd, to64(&salt[0], rand(), 8); salt[8] = '\0'; - apr_cpystrn(cpw, crypt(pw, salt), sizeof(cpw) - 1); + cbuf = crypt(pw, salt); + if (cbuf == NULL) { + char errbuf[128]; + + apr_snprintf(record, rlen-1, "crypt() failed: %s", + apr_strerror(errno, errbuf, sizeof errbuf)); + return ERR_PWMISMATCH; + } + + apr_cpystrn(cpw, cbuf, sizeof(cpw) - 1); if (strlen(pw) > 8) { char *truncpw = strdup(pw); truncpw[8] = '\0'; |