Bug? in 1.3 htdigest?

[Thom May <th...@planetarytramp.net>]

Hey guys,
just wondering why we use system(copy...)/system(cp...) in htdigest in 1.3, 
when the netware option seems to be more secure?
The patch attached just rips out the ifdef and uses the netware code
globally.
-Thom

Re: Bug? in 1.3 htdigest?

[Jim Jagielski <ji...@apache.org>]

+1

On Mar 2, 2004, at 10:41 AM, Thom May wrote:

> * Thom May (thom@planetarytramp.net) wrote :
>> Hey guys,
>> just wondering why we use system(copy...)/system(cp...) in htdigest 
>> in 1.3,
>> when the netware option seems to be more secure?
>> The patch attached just rips out the ifdef and uses the netware code
>> globally.
> No complaints? Suggestions?
> I'll commit tonight then?
> -Thom
>
>
>> Index: htdigest.c
>> ===================================================================
>> RCS file: /home/cvs/apache-1.3/src/support/htdigest.c,v
>> retrieving revision 1.39
>> diff -u -r1.39 htdigest.c
>> --- htdigest.c	20 Feb 2004 22:02:24 -0000	1.39
>> +++ htdigest.c	29 Feb 2004 18:50:18 -0000
>> @@ -152,7 +152,6 @@
>>  }
>>
>>
>> -#ifdef NETWARE
>>  static void copy_file(FILE *target, FILE *source)
>>  {
>>      static char line[MAX_STRING_LEN];
>> @@ -161,7 +160,6 @@
>>  	putline(target, line);
>>      }
>>  }
>> -#endif
>>
>>  int main(int argc, char *argv[])
>>  {
>> @@ -239,14 +237,7 @@
>>      }
>>      fclose(f);
>>      fclose(tfp);
>> -#ifndef NETWARE
>> -#if defined(OS2) || defined(WIN32)
>> -    sprintf(command, "copy \"%s\" \"%s\"", tn, argv[1]);
>> -#else
>> -    sprintf(command, "cp %s %s", tn, argv[1]);
>> -#endif
>> -    system(command);
>> -#else
>> +
>>      if (!(tfp = fopen(tn, "r"))) {
>>      fprintf(stderr, "Could not open temp file.\n");
>>      exit(1);
>> @@ -258,7 +249,6 @@
>>      }
>>
>>      copy_file(f, tfp);
>> -#endif
>>      unlink(tn);
>>      return 0;
>>  }
>

Re: Bug? in 1.3 htdigest?

[André Malo <nd...@perlig.de>]

* Thom May <th...@planetarytramp.net> wrote:

> fix to 2.1 and then proposing it for backport to a totally different
> codebase somewhat blows my mind.
> IMO the two should happen more or less in parallel...

If (and only if) you have three +1 for the 1.3 patch (i.e. just one more),
then you can do it that way (RTC).

I'm working similar. For fixes in different code bases I often provide more
than one patch for review.

I'd give a +1 (I *do* on concept) but I can't test currently, sorry. I bet,
someone else certainly can. :)

nd

Re: Bug? in 1.3 htdigest?

[Thom May <th...@planetarytramp.net>]

* Andr? Malo (nd@perlig.de) wrote :
> * Thom May <th...@planetarytramp.net> wrote:
> 
> > * Thom May (thom@planetarytramp.net) wrote :
> > > Hey guys,
> > > just wondering why we use system(copy...)/system(cp...) in htdigest in
> > > 1.3, when the netware option seems to be more secure?
> > > The patch attached just rips out the ifdef and uses the netware code
> > > globally.
> > No complaints? Suggestions?
> > I'll commit tonight then?
> 
> 
> I'd suggest you start with 2.1 and propose it for backport.
> 
I have to say that while, yes 2.x needs fixing too, the concept of making a
fix to 2.1 and then proposing it for backport to a totally different
codebase somewhat blows my mind.
IMO the two should happen more or less in parallel...
-Thom

Re: Bug? in 1.3 htdigest?

[André Malo <nd...@perlig.de>]

* Thom May <th...@planetarytramp.net> wrote:

> * Thom May (thom@planetarytramp.net) wrote :
> > Hey guys,
> > just wondering why we use system(copy...)/system(cp...) in htdigest in
> > 1.3, when the netware option seems to be more secure?
> > The patch attached just rips out the ifdef and uses the netware code
> > globally.
> No complaints? Suggestions?
> I'll commit tonight then?


I'd suggest you start with 2.1 and propose it for backport.

nd

Re: Bug? in 1.3 htdigest?

[Thom May <th...@planetarytramp.net>]

* Thom May (thom@planetarytramp.net) wrote :
> Hey guys,
> just wondering why we use system(copy...)/system(cp...) in htdigest in 1.3, 
> when the netware option seems to be more secure?
> The patch attached just rips out the ifdef and uses the netware code
> globally.
No complaints? Suggestions?
I'll commit tonight then?
-Thom


> Index: htdigest.c
> ===================================================================
> RCS file: /home/cvs/apache-1.3/src/support/htdigest.c,v
> retrieving revision 1.39
> diff -u -r1.39 htdigest.c
> --- htdigest.c	20 Feb 2004 22:02:24 -0000	1.39
> +++ htdigest.c	29 Feb 2004 18:50:18 -0000
> @@ -152,7 +152,6 @@
>  }
>  
>  
> -#ifdef NETWARE
>  static void copy_file(FILE *target, FILE *source)
>  {
>      static char line[MAX_STRING_LEN];
> @@ -161,7 +160,6 @@
>  	putline(target, line);
>      }
>  }
> -#endif
>  
>  int main(int argc, char *argv[])
>  {
> @@ -239,14 +237,7 @@
>      }   
>      fclose(f);
>      fclose(tfp);
> -#ifndef NETWARE
> -#if defined(OS2) || defined(WIN32)
> -    sprintf(command, "copy \"%s\" \"%s\"", tn, argv[1]);
> -#else
> -    sprintf(command, "cp %s %s", tn, argv[1]);
> -#endif
> -    system(command);
> -#else
> +
>      if (!(tfp = fopen(tn, "r"))) {
>      fprintf(stderr, "Could not open temp file.\n");
>      exit(1);
> @@ -258,7 +249,6 @@
>      }
>      
>      copy_file(f, tfp);
> -#endif
>      unlink(tn);
>      return 0;
>  }