Posted to cvs@httpd.apache.org by nd...@apache.org on 2003/05/13 05:40:29 UTC
cvs commit: httpd-2.0/support htpasswd.c
nd 2003/05/12 20:40:29
Modified: . CHANGES STATUS
support htpasswd.c
Log:
(grabbed from archive)
Check the processed file on validity. If a line is not empty
and not a comment, it must contain at least one colon. Otherwise exit
with error code 7.
Submitted by: Thom May <th...@planetarytramp.net> (on 2002-07-02)
Kris Verbeeck <Kr...@ubizen.com> (on 2002-10-22)
Revision Changes Path
1.1163 +4 -0 httpd-2.0/CHANGES
Index: CHANGES
===================================================================
RCS file: /home/cvs/httpd-2.0/CHANGES,v
retrieving revision 1.1162
retrieving revision 1.1163
diff -u -r1.1162 -r1.1163
--- CHANGES 13 May 2003 00:46:30 -0000 1.1162
+++ CHANGES 13 May 2003 03:40:27 -0000 1.1163
@@ -2,6 +2,10 @@
[Remove entries to the current 2.0 section below, when backported]
+ *) htpasswd: Check the processed file on validity. If a line is not empty
+ and not a comment, it must contain at least one colon. Otherwise exit
+ with error code 7. [Kris Verbeeck <Kr...@ubizen.com>, Thom May]
+
*) Use appropriate language code for Czech (cs) in default config
files. PR 9427. [Andr� Malo]
1.761 +1 -8 httpd-2.0/STATUS
Index: STATUS
===================================================================
RCS file: /home/cvs/httpd-2.0/STATUS,v
retrieving revision 1.760
retrieving revision 1.761
diff -u -r1.760 -r1.761
--- STATUS 7 Mar 2003 20:24:07 -0000 1.760
+++ STATUS 13 May 2003 03:40:28 -0000 1.761
@@ -166,13 +166,6 @@
the same time. This mode lets us do that, so the MPM can be
fixed.
- * htpasswd blindly processes the file you give it, and does no
- sanity checking before totally corrupting whatever file it was
- you thought you had. It should check the input file and bail
- if it finds non-comment lines that do not contain exactly 1
- ':' character.
- Message-ID: <20...@clove.org>
-
* Can a static httpd be built reliably?
Message-ID: <20...@clove.org>
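Review bot: The STATUS item removed here asked htpasswd to bail on non-comment lines that do not contain exactly 1 ':' character, but the CHANGES entry in this same commit describes a looser rule, "it must contain at least one colon". If the looser rule is the intended final behaviour, say so in the log message; otherwise keep a shortened STATUS entry noting that lines with more than one colon are still accepted.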
1.69 +14 -0 httpd-2.0/support/htpasswd.c
Index: htpasswd.c
===================================================================
RCS file: /home/cvs/httpd-2.0/support/htpasswd.c,v
retrieving revision 1.68
retrieving revision 1.69
diff -u -r1.68 -r1.69
--- htpasswd.c 3 Feb 2003 17:53:27 -0000 1.68
+++ htpasswd.c 13 May 2003 03:40:29 -0000 1.69
@@ -77,6 +77,7 @@
* 5: Failure; buffer would overflow (username, filename, or computed
* record too long)
* 6: Failure; username contains illegal or reserved characters
+ * 7: Failure; file is not a valid htpasswd file
*/
#include "apr.h"
@@ -133,6 +134,7 @@
#define ERR_INTERRUPTED 4
#define ERR_OVERFLOW 5
#define ERR_BADUSER 6
+#define ERR_INVALID 7
#define APHTP_NEWFILE 1
#define APHTP_NOFILE 2
@@ -577,6 +579,18 @@
colon = strchr(scratch, ':');
if (colon != NULL) {
*colon = '\0';
+ }
+ else {
+ /*
+ * If we've not got a colon on the line, this could well
+ * not be a valid htpasswd file.
+ * We should bail at this point.
+ */
+ apr_file_printf(errfile, "\n%s: The file %s does not appear "
+ "to be a valid htpasswd file.\n",
+ argv[0], pwfilename);
+ apr_file_close(fpw);
+ exit(ERR_INVALID);
}
if (strcmp(user, scratch) != 0) {
putline(ftemp, line);
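Review bot: The new else branch closes fpw and then calls exit(ERR_INVALID), but nothing in the hunk closes or removes the temporary file behind ftemp, which the loop is already writing to via putline(ftemp, line). Lines copied before the malformed one can include password hashes, so this path should close ftemp and delete the temporary file before exiting, the same way the other failure exits in this function are expected to. It would also help the user if the message named the offending line, since "does not appear to be a valid htpasswd file" gives no hint where the problem is.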