You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by jw...@apache.org on 2001/10/01 21:19:45 UTC
cvs commit: httpd-2.0/support htdigest.c
jwoolley 01/10/01 12:19:45
Modified: support htdigest.c
Log:
Switch from tmpnam() to apr_file_mktemp() so that gcc with a recent glibc
will shut the hell up about tmpnam() being unsafe. htpasswd.c needs a
similar treatment, but it won't be _quite_ as easy since htpasswd has not
been completely apr-ized yet.
Revision Changes Path
1.27 +13 -14 httpd-2.0/support/htdigest.c
Index: htdigest.c
===================================================================
RCS file: /home/cvs/httpd-2.0/support/htdigest.c,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -d -u -r1.26 -r1.27
--- htdigest.c 2001/06/11 14:46:30 1.26
+++ htdigest.c 2001/10/01 19:19:45 1.27
@@ -97,7 +97,7 @@
#define MAX_STRING_LEN 256
-char *tn;
+apr_file_t *tfp = NULL;
apr_pool_t *cntxt;
#if APR_CHARSET_EBCDIC
apr_xlate_t *to_ascii;
@@ -166,8 +166,8 @@
apr_password_get("Re-type new password: ", pwv, &len);
if (strcmp(pwin, pwv) != 0) {
fprintf(stderr, "They don't match, sorry.\n");
- if (tn) {
- apr_file_remove(tn, cntxt);
+ if (tfp) {
+ apr_file_close(tfp);
}
exit(1);
}
@@ -200,8 +200,9 @@
static void interrupted(void)
{
fprintf(stderr, "Interrupted.\n");
- if (tn)
- apr_file_remove(tn, cntxt);
+ if (tfp) {
+ apr_file_close(tfp);
+ }
exit(1);
}
@@ -212,8 +213,9 @@
int main(int argc, char *argv[])
{
- apr_file_t *tfp = NULL, *f;
+ apr_file_t *f;
apr_status_t rv;
+ char tn[] = "htdigest.tmp.XXXXXX";
char user[MAX_STRING_LEN];
char realm[MAX_STRING_LEN];
char line[MAX_STRING_LEN];
@@ -241,12 +243,11 @@
}
#endif
- tn = NULL;
apr_signal(SIGINT, (void (*)(int)) interrupted);
if (argc == 5) {
if (strcmp(argv[1], "-c"))
usage();
- rv = apr_file_open(&tfp, argv[2], APR_WRITE | APR_CREATE, -1, cntxt);
+ rv = apr_file_open(&f, argv[2], APR_WRITE | APR_CREATE, -1, cntxt);
if (rv != APR_SUCCESS) {
char errmsg[120];
@@ -256,15 +257,14 @@
exit(1);
}
printf("Adding password for %s in realm %s.\n", argv[4], argv[3]);
- add_password(argv[4], argv[3], tfp);
- apr_file_close(tfp);
+ add_password(argv[4], argv[3], f);
+ apr_file_close(f);
exit(0);
}
else if (argc != 4)
usage();
- tn = tmpnam(NULL);
- if (apr_file_open(&tfp, tn, APR_WRITE | APR_CREATE, -1, cntxt)!= APR_SUCCESS) {
+ if (apr_file_mktemp(&tfp, tn, cntxt) != APR_SUCCESS) {
fprintf(stderr, "Could not open temp file.\n");
exit(1);
}
@@ -302,13 +302,12 @@
add_password(user, realm, tfp);
}
apr_file_close(f);
- apr_file_close(tfp);
#if defined(OS2) || defined(WIN32)
sprintf(command, "copy \"%s\" \"%s\"", tn, argv[1]);
#else
sprintf(command, "cp %s %s", tn, argv[1]);
#endif
system(command);
- apr_file_remove(tn, cntxt);
+ apr_file_close(tfp);
return 0;
}