diff options
author | Glenn Strauss <gstrauss@gluelogic.com> | 2020-07-15 03:16:31 -0400 |
---|---|---|
committer | Glenn Strauss <gstrauss@gluelogic.com> | 2020-07-16 00:29:43 -0400 |
commit | 3dca923591752bf0e43869e50ebba8bc5b71f7c6 (patch) | |
tree | 88a1858e55da046badb07ed8dfac02f2c283e587 /src/mod_authn_mysql.c | |
parent | fed2ecae19a5eacd8a973d0788a96b27fd1778d1 (diff) | |
download | lighttpd-git-3dca923591752bf0e43869e50ebba8bc5b71f7c6.tar.gz |
[mod_authn_mysql,file] use crypt() to save stack
use crypt() instead of crypt_r() to save stack space,
as struct crypt_data might be very large.
While crypt() is not thread-safe, lighttpd is single-threaded
Diffstat (limited to 'src/mod_authn_mysql.c')
-rw-r--r-- | src/mod_authn_mysql.c | 57 |
1 files changed, 18 insertions, 39 deletions
diff --git a/src/mod_authn_mysql.c b/src/mod_authn_mysql.c index 0e28e06b..47f75bfe 100644 --- a/src/mod_authn_mysql.c +++ b/src/mod_authn_mysql.c @@ -1,5 +1,3 @@ -#include "first.h" - /* mod_authn_mysql * * KNOWN LIMITATIONS: @@ -17,6 +15,17 @@ * (fixed) one-element cache for persistent connection open to last used db * TODO: db connection pool (if asynchronous requests) */ +#include "first.h" + +#if defined(HAVE_CRYPT_R) || defined(HAVE_CRYPT) +#ifndef _XOPEN_CRYPT +#define _XOPEN_CRYPT 1 +#endif +#include <unistd.h> /* crypt() */ +#endif +#ifdef HAVE_CRYPT_H +#include <crypt.h> +#endif #include <mysql.h> @@ -24,18 +33,12 @@ #include "http_auth.h" #include "log.h" #include "plugin.h" +#include "safe_memclear.h" #include <stdio.h> #include <stdlib.h> #include <string.h> -#if defined(HAVE_CRYPT_R) || defined(HAVE_CRYPT) -#include <unistd.h> /* crypt() */ -#endif -#ifdef HAVE_CRYPT_H -#include <crypt.h> -#endif - #include "sys-crypto-md.h" typedef struct { @@ -293,36 +296,12 @@ SETDEFAULTS_FUNC(mod_authn_mysql_set_defaults) { static int mod_authn_mysql_password_cmp(const char *userpw, unsigned long userpwlen, const char *reqpw) { #if defined(HAVE_CRYPT_R) || defined(HAVE_CRYPT) - if (userpwlen >= 3 && userpw[0] == '$' && userpw[2] == '$') { - /* md5 crypt() - * request by Nicola Tiling <nti@w4w.net> */ - const char *saltb = userpw+3; - const char *salte = strchr(saltb, '$'); - char salt[32]; - size_t slen = (NULL != salte) ? (size_t)(salte - saltb) : sizeof(salt); - - if (slen < sizeof(salt)) { - char *crypted; - #if defined(HAVE_CRYPT_R) - struct crypt_data crypt_tmp_data; - #ifdef _AIX - memset(&crypt_tmp_data, 0, sizeof(crypt_tmp_data)); - #else - crypt_tmp_data.initialized = 0; - #endif - #endif - memcpy(salt, saltb, slen); - salt[slen] = '\0'; - - #if defined(HAVE_CRYPT_R) - crypted = crypt_r(reqpw, salt, &crypt_tmp_data); - #else - crypted = crypt(reqpw, salt); - #endif - if (NULL != crypted) { - return strcmp(userpw, crypted); - } - } + if (userpwlen >= 3 && userpw[0] == '$') { + char *crypted = crypt(reqpw, userpw); + size_t crypwlen = (NULL != crypted) ? strlen(crypted) : 0; + int rc = (crypwlen == userpwlen) ? memcmp(crypted, userpw, crypwlen) : -1; + safe_memclear(crypted, crypwlen); + return rc; } else #endif |